The recent ransomware cyberattack on Indonesia has exposed significant vulnerabilities in the country’s data management practices, as the bulk of the affected government data was not backed up. This incident, the worst in Indonesia in recent years, has disrupted multiple government services, including immigration and operations at major airports.
Overview of the Attack
The cyberattack, which occurred last week, affected over 230 public agencies, including several ministries. The attackers demanded an $8 million ransom to decrypt the data, but the Indonesian government has refused to pay. Hinsa Siburian, the head of Indonesia’s cybersecurity agency (BSSN), revealed that 98% of the data stored in one of the two compromised data centres had not been backed up.
Lack of Preparedness
“Generally, we see the main problem is governance, and there is no backup,” Siburian told a parliamentary hearing. This statement was met with criticism from lawmakers, including Meutya Hafid, the chair of the commission overseeing the incident, who bluntly called the lack of backups “stupidity.”
A spokesperson for BSSN did not immediately respond when asked about the possibility of recovering the encrypted data.
Optional Backup Services
Budi Arie Setiadi, Indonesia’s communications minister, explained that while the ministry had backup capacity at the data centres, it was optional for government agencies to use the service. He attributed the lack of backups to budget constraints but indicated that backing up data would soon become mandatory.
The incident has sparked widespread criticism of Minister Setiadi on social media, with digital advocacy group SAFEnet launching a petition for his resignation, citing repeated cyber attacks under his watch. In response, Setiadi provided Reuters with a separate petition calling for him to remain in his position.
Attack Details and Response
Minister Setiadi informed parliament that a “non-state actor” seeking financial gain was believed to be behind the attack and that government services should be fully restored by August. The ransomware used in this attack is known as Lockbit 3.0, a software that encrypts data and demands payment for its restoration.
Lessons Learned and Future Actions
This cyberattack has highlighted critical issues in Indonesia’s data governance and cybersecurity infrastructure. The absence of mandatory backup protocols has left the country vulnerable to such attacks. Moving forward, it is imperative for the Indonesian government to:
- Implement Mandatory Backups: Ensure all government agencies regularly back up their data to prevent future losses.
- Improve Cybersecurity Measures: Invest in stronger cybersecurity defences to protect against ransomware and other cyber threats.
- Increase Budget Allocations: Allocate sufficient funds to cybersecurity and data management to prevent budget constraints from compromising data integrity.
- Raise Awareness and Training: Educate government officials and employees about cybersecurity best practices and the importance of data backups.
By addressing these areas, Indonesia can bolster its defences against future cyberattacks and safeguard its critical data.