Indonesian data center hack disrupts critical public services

Cyber security debt concept image showing multi-colored padlock on top of a circuit board.
(Image credit: Getty Images)

A cyber attack on an Indonesian data center has taken out critical public services in the country, according to the Indonesian Communications Ministry. 

Disruptions occurred at the ‘Government Cloud Computing Services’ ecosystem level as a result of a suspected ransomware attack, and the Indonesian government is still working to rectify all the issues. 

The Ministry confirmed the attack disrupted several government services, with some of the most affected relating to the region’s immigration systems including visa, immigration checkpoint, passport, and document management services.

Though now restored, these systems had experienced issues since Thursday 20 and governmental bodies within Indonesia had to collaborate to deal with the problem. 

Other services are still in the process of being restored, director of the communications ministry Samuel Abrijani Pangerapan Pangerapan told reporters. The country’s investment licensing systems, for example, are not yet operational. 

Threat actors are reportedly demanding an $8 million ransom after deploying a version of the LockBit ransomware which encrypts the data and prevents access to it. 

The attack began after attempts were made to deactivate the system’s Windows Defender security features, following which malicious files were installed, file systems deleted, and services disabled.

The Indonesian government is investigating the attack though Communication and Informatics Minister Budi Arie Setiadi has confirmed to The Independent that it won't pay the ransom.  

According to Suzan Sakarya, senior security strategy manager at Jamf, the government’s refusal to pay a ransom is “extremely positive”.

“Ransom payments are the lifeblood of groups such as LockBit, and how they fund future criminal activity. If they fail to gain a payment, their attack has ultimately failed,” she told ITPro

“Threat actors can also consider you a soft target and launch another attack in the future,”  Kelvin Lim, senior director at the Synopsys Software Integrity Group, told ITPro.

“The victim should instead focus their resources on recovery from the attack and improving their cyber security posture against future attacks," he added. 

Indonesia will look to strengthen its critical infrastructure

Vice President Ma'ruf Amin commented that the country would be taking “anticipatory” steps to protect governmental data and affiliated public services to avoid similar incidents in the future.  

He added that the Indonesian government will focus on the implementation of a unified national data policy so that data is not spread out on different systems.

"Protecting critical infrastructure from cyber attacks is as important as protecting it from physical attacks, because the consequences can be equally disastrous,” Anne Cutler, Cybersecurity Expert at Keeper Security, told ITPro

RELATED WHITEPAPER

Global threat report 2024

(Image credit: Crowdstrike)

Stay ahead of today’s threats

“The recent cyber attack on Indonesia's national data center serves as a reminder of this reality, ” she added. 

“The tangible impact was evident, disrupting airport operations and highlighting how cyber attacks on critical infrastructure can have immediate and significant consequences for Indonesians,” she added. 

Data centers are increasingly considered critical infrastructure in terms of national importance, with both the UK and Singapore drafting legislation as part of moves over the last year. 

George Fitzmaurice
Staff Writer

George Fitzmaurice is a staff writer at ITPro, ChannelPro, and CloudPro, with a particular interest in AI regulation, data legislation, and market development. After graduating from the University of Oxford with a degree in English Language and Literature, he undertook an internship at the New Statesman before starting at ITPro. Outside of the office, George is both an aspiring musician and an avid reader.