Key Points
- Indonesia was hit by a major ransomware attack affecting over 160 government agencies.
- Brain Cipher demanded an $8 million ransom but later provided the decryption key for free.
- The attack disrupted immigration services and airport operations, highlighting critical vulnerabilities.
- The government has recovered data for 30 public services managed by 12 ministries using a “decryption strategy.”
Indonesia announced it is starting to recover data encrypted during a significant ransomware attack last month that impacted over 160 government agencies. The cyberattack, perpetrated by a group identified as Brain Cipher, initially demanded an $8 million ransom to unlock the data. However, as Singapore-based cybersecurity firm StealthMole reported, the group later apologized and released the decryption key for free.
The ransomware attack severely disrupted multiple government services, including immigration and operations at major airports. Indonesian officials admitted that most of the affected data had not been backed up, compounding the severity of the breach.
On Thursday, Chief Security Minister Hadi Tjahjanto stated that data for 30 public services managed by 12 ministries had been recovered through a “decryption strategy.” However, he did not provide details on the specific methods used for data recovery.
“The communications ministry is using a decryption strategy to recover services or assets from ministries, state agencies, and the regional governments that are affected. We are handling this gradually,” the statement read.
It remains unclear whether the government used the decryption key provided by Brain Cipher. Requests for comment sent to Chief Security Minister Hadi Tjahjanto and Communications Minister Budi Arie Setiadi went unanswered. Ransomware attackers typically use software to encrypt data and then demand payment from victims to restore access. In this case, Indonesia identified the malicious software used in the attack as LockBit 3.0.
The ransomware attack had an extensive impact, affecting critical government functions and public services. The breach highlighted vulnerabilities in Indonesia’s cybersecurity infrastructure, particularly the lack of data backups, which exacerbated the challenges faced during the recovery process. StealthMole, the cybersecurity firm tracking the incident, noted that Brain Cipher’s decision to release the decryption key for free was unusual. Typically, ransomware groups maintain their ransom demands to capitalize on the encrypted data.
As Indonesia continues its data recovery efforts, the incident underscores the importance of robust cybersecurity measures, including regular data backups and comprehensive incident response plans. The government’s gradual approach to restoring affected services reflects the complexity and scale of the recovery process.
Indonesia may need to reassess its cybersecurity policies and infrastructure to prevent future attacks. This includes investing in advanced cybersecurity technologies, training personnel, and establishing more resilient data management practices.