Indonesia recovers data after major cyber attack

Indonesia recovers data after major cyber attack is profiled by BTW Media because published evidence links it to internet infrastructure, governance, operational dependencies, or market visibility.

• Indonesia is recovering from a ransomware attack by Brain Cipher, impacting over 160 government agencies.
• The incident underscores critical data backup failures, triggering calls for the Communications Minister’s resignation and highlighting urgent cybersecurity reforms needed to protect national services.

OUR TAKE
It is absurd that government agencies’ data is not backed up, which underscores the urgent need for Indonesia to reassess its cybersecurity protocols and data management policies. Robust data protection isn’t optional, it’s instead essential. Without serious reform, Indonesia remains a sitting duck for future cyber threats.
–Ashley Wang, BTW reporter

What happened

Indonesia has begun recovering data encrypted in a major ransomware attack last month that impacted over 160 government agencies. The attack, identified as being carried out by the group Brain Cipher, demanded an $8 million ransom to unlock the data, which was then rejected by the government. However, in a surprising turn, the attackers later apologised and provided the decryption key for free, according to Singapore-based cybersecurity firm StealthMole.

The ransomware attack, which utilised the malicious software LockBit 3.0, severely disrupted multiple government services, including immigration and operations at major airports. Chief Security Minister Hadi Tjahjanto announced that data for 30 public services managed by 12 ministries had been recovered using a “decryption strategy.” However, he did not elaborate on whether the government used Brain Cipher’s decryption key. “The communications ministry is using a decryption strategy to recover services or assets from ministries, state agencies, and regional governments that are affected. We are handling this gradually,” the statement said.

Also read: Indonesia stands firm against $8 million cyber ransom demand

Also read: 5 insights from Mark Lamb on revolutionising cybersecurity communication

Why it’s important

The attack exposed a critical vulnerability that the majority of the data stored in the compromised data centres had not been backed up. This oversight has sparked widespread criticism and calls for the resignation of Communications Minister Budi Arie Setiadi, whose ministry is responsible for the data centres.

This incident highlights the urgent need for Indonesia to reassess its cybersecurity protocols and data management policies. The failure to back up critical data reveals significant governance issues and a lack of preparedness for cyber threats. As the country continues to restore its services, the attack serves as a stark reminder of the importance of robust cybersecurity measures and the need for comprehensive data protection strategies.

The government aims to fully restore all affected services by August. This recovery effort marks a pivotal moment for Indonesia, underscoring the necessity of investing in cybersecurity infrastructure to safeguard against future attacks and ensure the resilience of its national services.