Cyber Attack Compromised Indonesia Data Centre, Ransom Sought

Summary:
On June 24th, in Jakarta, Indonesia, the country's national data center experienced a significant cyber attack, as reported by Reuters. The attack had widespread repercussions, particularly disrupting immigration procedures at airports nationwide. Long queues formed at immigration counters due to the disruption caused by the cyber incident. Minister Budi Arie Setiadi of Indonesia's communications ministry disclosed that the perpetrator behind the attack deployed a new variant of malicious software known as Lockbit 3.0. This software is notorious for its ransomware capabilities, encrypting victim data and demanding a ransom payment for decryption.

The attack targeted various government services, with a notable impact on automated passport machines, which were rendered temporarily non-functional. Efforts are currently underway by the communications ministry to restore the affected services, prioritizing the normalization of immigration operations. Regarding the ransom demand of $8 million, Minister Budi Arie Setiadi did not confirm whether any payment had been made to the attackers. Ransomware attacks typically involve demands for payment in cryptocurrency, often reaching substantial sums running into millions of dollars.

Security Officer Comments:
Semuel Abrijani Pangerapan, an official from the communications ministry, highlighted that detailed digital forensic investigations are ongoing to ascertain the full extent of the breach and gather additional information about the attack's origins and methods. This incident is the latest in a series of cyber attacks targeting Indonesian entities in recent years.

Past incidents include the exposure of account details for millions of customers of Bank Syariah Indonesia and a ransomware attack on Indonesia's central bank, which fortunately did not impact public services. Cybersecurity expert Teguh Aprianto described this latest attack as severe, noting that it caused unprecedented disruptions to Indonesia's public services over multiple days. He also pointed out systemic issues within government infrastructure, operational procedures, and vendor management that may have contributed to the vulnerability exploited in this cyber attack.


Suggested Corrections:
The Indonesian government continues to address the aftermath of this cyber incident, emphasizing the importance of bolstering cybersecurity measures to prevent future breaches and mitigate potential impacts on critical services and infrastructure.

Link(s):
https://www.reuters.com/technology/...ntre-ransom-sought-reports-antara-2024-06-24/