Indonesia's National Data Center Hit by Ransomware Attack, Audit Finds Over 98% of Data Had No Backups
On June 20, the Indonesian Temporary National Data Center (PDNS) fell victim to a ransomware attack that used Brain Cipher, a variant of the infamous LockBit ransomware.
Typically, data centers maintain redundant backups in multiple locations, so services can quickly be restored from these backups after a ransomware attack. However, a preliminary investigation in Indonesia revealed that more than 98% of the data in the two major data centers that were attacked had no backups whatsoever. This means that once the data was encrypted by ransomware, it could not be retrieved unless a hefty ransom was paid.
As a result, the President of Indonesia has ordered a comprehensive audit of the government's data centers to check for similar critical errors, i.e., the absence of data backups.
The hackers demanded a ransom of about 8 million USD from the Indonesian government. However, the Indonesian Ministry of Communication and Information Technology stated they had no plans to pay the ransom. Instead, they were attempting to decrypt the data.
Trying to decrypt the data might only serve as a public relations move or self-reassurance, as ransomware typically uses AES-256 or even stronger encryption algorithms, making brute-force attempts to retrieve the keys impractical.
The Ministry of Communication and Information Technology acknowledged that the data centers did provide backup capacity and infrastructure to government agencies (including sub-national entities), but using it was optional. Many agencies, constrained by budget limitations, did not use the backup capacity. However, backups will become mandatory in the future.
Notably, the Vice President of Indonesia attributed the severe issues caused by the data center attack to the centralization of agency and department data. He argued that centralized data centers, once hacked, could lead to extremely serious problems.
Regardless of whether data is centralized, the lack of adequate security measures and the absence of backups mean that even if data were spread across different data centers, security issues could not be avoided. Perhaps the only advantage of such a distribution is that it wouldn't simultaneously cripple numerous government agencies.