Indonesia Rejects $8 Million Ransom Demand After Cyberattack on National Data Center

Jogyakarta International Airport on Jan. 1, 2024.

JAKARTA — Indonesia’s national data center has been targeted by a hacking group demanding an $8 million ransom, which the government has refused to pay.

The cyberattack has disrupted services for over 200 government agencies at both the national and regional levels since last Thursday, according to Samuel Abrijani Pangerapan, the director general of informatics applications at the Communications and Informatics Ministry.

Some government services have been restored—immigration services at airports and other locations are now operational—but efforts continue to bring back other services such as investment licensing, Pangerapan told reporters Monday.

The attackers have taken data hostage and offered a decryption key in exchange for the $8 million ransom, said Herlan Wijanarko, the director of network & IT solutions for PT Telkom Indonesia, without providing further details.

Wijanarko stated that the company, in collaboration with domestic and international authorities, is investigating and attempting to break the encryption that has made data inaccessible.

Communication and Informatics Minister Budi Arie Setiadi informed journalists that the government will not pay the ransom.

“We have done our best to carry out recovery while the (National Cyber and Crypto Agency) is currently conducting forensics,” Setiadi added.

The head of that agency, Hinsa Siburian, said they had detected samples of the Lockbit 3.0 ransomware.

Pratama Persadha, chairman of Indonesia’s Cybersecurity Research Institute, said the current cyberattack was the most severe in a series of ransomware attacks that have targeted Indonesian government agencies and companies since 2017.

“The disruption to the national data center and days-long recovery period indicate that this ransomware attack was exceptional,” Persadha said. “It demonstrates that our cyber infrastructure and its server systems were not being adequately managed.”

He said a ransomware attack would be insignificant if the government had a robust backup system that could automatically take over the main server of the national data center during a cyberattack.

Indonesia’s central bank was attacked by ransomware in 2022, but public services were unaffected. The health ministry’s COVID-19 app was hacked in 2021, exposing the personal data and health status of 1.3 million people.

Last year, an intelligence platform that monitors malicious activities in cyberspace, Dark Tracer, revealed that a hacker group known as the LockBit ransomware had claimed to have stolen 1.5 terabytes of data managed by Indonesia’s largest Islamic bank, Bank Syariah Indonesia.