Severe cyber attack disrupts Indonesian government services

A severe cyber attack on Indonesia’s national data center disrupted government services over the weekend, significantly impacting the country’s airports, ferries, and passport verification systems. The attack, attributed to affiliates of the LockBit ransomware gang, demanded an $8 million ransom. The Indonesian government has not paid the ransom and is gradually restoring services amidst considerable travel delays.

The cyber attack led to long queues at immigration desks as automated passport-checking kiosks were temporarily shut down. Travelers experienced substantial delays due to manual passport checks. Ferries also faced lengthy lines as computer booking systems were rendered inoperable, forcing employees to resort to pen-and-paper methods.

In total, about 200 government agencies at both national and regional levels were affected. While travel and immigration services have largely been restored, other services, including financial licensing and student registration, may remain offline longer as the national data center works to restore systems without a decryption key. Herlan Wijanarko, PT Telkom Indonesia’s director of network & IT solutions, stated that efforts are underway to break the encryption imposed by the attackers.

The attacked data center is a temporary facility, with a high-security center in Cikarang, West Java, under construction. This new facility, which will carry a Tier IV rating, aims to be the most secure in the country upon completion.

The extent of personal data compromise remains unclear, raising public concerns after a series of major data breaches over the past year. These include a compromise of the official Covid-19 contact-tracing app in 2022 and a hack of the General Elections Commission’s database in late 2023.

This attack is part of a troubling pattern of serious breaches in Indonesia, often involving millions of sensitive citizen records. LockBit, responsible for a previous attack on Bank Syariah Indonesia, has been particularly active. Recently, the group claimed to have hacked the US Federal Reserve, capturing 33 terabytes of data, though proof of this claim remains unverified.

Communications ministry official Semuel Abrijani Pangerapan indicated that a digital forensics team is investigating the attack, with further details pending. Security researchers have noted that hackers have begun offering stolen data on the dark web, including police biometric data from the Automatic Fingerprint Identification System.