Indonesia govt data centre disrupted by cyber attack, faces S$10.8 million ransom demand

The National Data Centre managed by Indonesia's Kominfo has been disrupted since Jun. 20, 2024.

Keyla Supharta | June 25, 2024, 12:39 AM



Indonesia's National Data Centre, which manages data for ministries and institutions, experienced a disruption due to a ransomware cyber attack.

The perpetrator of the attack is reportedly demanding 131 billion rupiah (S$10.8 million) in exchange for the stolen data, Tempo and CNN Indonesia reported.

Disrupted since Jun. 20, 2024.

The National Data Centre, managed by Indonesia's communications and information ministry (Kominfo), has been disrupted for a week since Jun. 20, 2024.

The disruption resulted in the shutdown of the digital services of the immigration Directorate General.

Online services for new students' enrolment in many regions have also been disrupted, forcing the local government to extend the registration period.

Deputy Minister of Kominfo, Nezar Patria, said the hackers are likely from abroad.

According to Nezar, while some data is encrypted and inaccessible, there is currently no threat of the data being deleted.

Government will not pay ransom

“What is being attacked is our national interest,” said Nezar.

Meanwhile, the Minister of Kominfo, Budi Arie Setiadi, said on Monday (Jun. 24) that the government will not pay the 131 billion rupiah (S$10.8 million) ransom demanded by the hacker.

Cyber attack compromised temporary data centre

The cyber attack has compromised the temporary data centre, said the Head of the National Cyber and Encryption Agency (BSN) Hinsa Siburian at a press conference on Jun. 24, 2024.

Temporary data centres were set up in Surabaya and Jakarta, as the construction of the main National Data Centre (PDN) has not been completed.

According to Hinsa, the need to run business processes and government processes led the Ministry of Communication and Information Technology (Kominfo) to create the temporary data centres.

"So these data are being stored in a temporary data centre," he said.

The government's focus at the moment is to complete and restore the temporary National Data Centre as soon as possible.

Identified type of ransomware

"This temporary data centre incident is a cyberattack in the form of ransomware, called Brain Cypher Ransomware," said Hinsa.

His agency reportedly managed to identify the type of ransomware, after the forensic team inspected a variety of data samples.

Hinsa said that identifying the type of ransomware is important, so the team can anticipate it in other locations.

Information gathered will be shared with other government officials to help mitigation efforts.

Top image via Baqotun0023/Wikipedia.