The country’s Communications and Informatics Ministry is progressively restoring disrupted public services and attempting to recover the now-locked national data centre assets.
A ransomware attack on Indonesia’s national data center has caused widespread disruption to the country’s public services since 20 June 2024, with officials working to restore operations.
The attackers have asked for US$8m before they will offer an access key to the encrypted stolen data, but according to the Director General of Informatics Applications (Communications and Informatics Ministry), the government will not pay the ransom and will try to break the Lockbit 3.0 encryption. Forensic investigations are also being performed by the country’s National Cyber and Crypto Agency.
Industry experts have generally lauded the firm decision not to pay the ransom. Nigel Ng, Senior Vice President (Asia Pacific and Japan), Tenable, said: “This incident highlights the critical importance of continuous monitoring and real-time threat detection to mitigate the impact of such sophisticated attacks. Furthermore, this situation exemplifies the necessity for robust collaboration between government agencies and private sector companies. Through shared expertise and coordinated efforts, we can enhance our defenses against these persistent threats and build a more resilient digital infrastructure capable of withstanding future cyberattacks.”
Cybersecurity expert Anne Cutler of Keeper Security noted: “Although the investigation is still underway into how threat actors were able to successfully deploy the Lockbit ransomware, human error remains a significant weakness for organizations.”
While the most obvious widespread concern is how the attack impacts the image of a national agency focused on sensitive national digital data, industry observers have also noted the government’s openness and responsiveness in disclosing and managing the attack. Kelvin Lim, Senior Director (Security Engineering), Synopsys Software Integrity Group, noted: “Paying the ransom does not ensure that threat actors won’t release your data, (or ensure) that the data will be decrypted. (They) can also consider you as a soft target and launch another attack in the future.”
Meanwhile, the notorious Lockbit 3.0 threat actors have claimed responsibility for an attack on the US Federal Reserve, threatened to release 33TB of “American’s banking secrets”, and demanded the sacking of the Fed’s ransom negotiator.