29-6-2024 (JAKARTA) In the wake of a devastating ransomware cyber attack that crippled multiple government services across Indonesia, President Joko Widodo has ordered a comprehensive audit of the country’s government data centers. The audit aims to address vulnerabilities exposed by the recent attack, which affected over 230 public agencies, including ministries, and disrupted operations at major airports and immigration services.
The cyber attack, considered the worst in recent years for Indonesia, prompted the government to refuse to pay the $8 million (S$11 million) ransom demanded by the attackers to retrieve the encrypted data. Instead, President Widodo has taken decisive action by instructing the state auditor to examine the country’s data centers, covering governance and financial aspects.
Muhammad Yusuf Ateh, who heads Indonesia’s development and finance controller, confirmed the President’s directive after attending a Cabinet meeting led by Widodo on June 28. “The audit would cover governance and the financial aspect,” Ateh stated, underscoring the government’s commitment to addressing the vulnerabilities exposed by the attack.
Hinsa Siburian, an official chairing Indonesia’s cyber security agency (BSSN), revealed a startling fact during a parliamentary hearing on June 27: 98 percent of the government data stored in one of the two compromised data centers had not been backed up. “Generally, we see the main problem is governance, and there is no backup,” Siburian told lawmakers.
This revelation sparked outrage among some lawmakers, with Meutya Hafid, the chair of the commission overseeing the incident, dismissing the explanation as “stupidity” rather than a lack of governance.
While the BSSN spokesperson did not immediately respond to inquiries about the possibility of recovering the encrypted data, Communications Minister Budi Arie Setiadi acknowledged that the ministry had backup capacity at the data centers, but its usage was optional for government agencies.
Setiadi revealed that agencies did not back up the data due to budget constraints, highlighting a critical issue that the government plans to address by making data backups mandatory in the future.
The cyber attack has sparked widespread criticism of the Communications Minister on social media, with digital advocacy group SAFEnet launching a petition calling for Setiadi’s resignation, citing his lack of responsibility over repeated cyber attacks. However, Setiadi responded by sending a separate petition supporting his continuance as minister.
During his appearance before the Indonesian Parliament, Setiadi stated that a “non-state actor” seeking money was believed to be behind the attack and that government services should be fully restored by August.
The ransomware attackers utilized the malicious software LockBit 3.0 to encrypt data and demand payment from the Indonesian government for restoring access.
