Long-Term Disruption to Government Services Expected With Indonesian National Data Center Crippled by LockBit Cyber Attack

by | Jun 28, 2024

Hackers took advantage of a temporary national data center, one of four used by Indonesia’s government, to deploy ransomware and snarl various services in the country last week. While some of the more pressing issues have already been resolved, other services look likely to be hobbled for weeks due to the fallout of the cyber attack.

The issue is the handiwork of LockBit, which the cybersecurity community had hoped was on the ropes after a February raid by international law enforcement. The group has shown some unusual signs of vulnerability lately but is still racking up victims, and the national data center attack demonstrates the risk it still poses even to organizations that are reasonably prepared.

String of cyber attacks has raised citizen concerns

Indonesia’s government is grappling with a public confidence issue as some sort of major cyber attack now seems to happen roughly semi-annually since 2022. First with a breach of the country’s Covid-19 tracking app, which exposed the personal data of over a million users, moving on to a different attack by LockBit on the Bank Syariah Indonesia about a year ago that impacted 15 million people. In late 2023, the General Election Commission was hacked exposing 204 million voter records that made their way to the dark web.

While LockBit has had to deal with the seizure of a chunk of its infrastructure this year, the group has also rolled out a new version of its LockBit 3.0 software called “Brain Ciper” that has numerous new features and was deployed against the national data center. The hackers reportedly asked for an $8 million USD ransom, which was refused. LockBit has begun selling off some of the stolen data via dark web forums, as security researchers spotted biometric data from the country’s Automatic Fingerprint Identification System on offer through underground channels for $1,000.

It is generally hard to get details of cyber attacks out of the Indonesian government, something that has contributed to the confidence crisis; it is rare for it to even publicly admit that one has taken place, something that became unavoidable in this case due to the disruption to about 210 national and local government agencies and their services. A spokesperson confirmed a digital forensics team is investigating, but the cause of the breach remains unknown.

National data center outage creates big delay for travelers, some services still offline

The national data center attack’s first big and visible impact was to cause long lines to form at airports and ferries, as automatic passport checking systems were taken offline and workers had to resort to pen and paper for some functions. Travel issues were mostly cleared up in a few days, but the broad variety of impacts (ranging from business licensing to education) means some weeks (or more) of agencies catching up in restoring their systems.

Though little is known about the technical details of the cyber attack as of yet, the LockBit affiliate targeted a temporary national data center that is being used while a high-security permanent installation is being constructed in West Java. The public will have to wait to see if they are once again dealing with a mass exfiltration of millions of their personal details to the dark web, or simply some temporary inconvenience in accessing government services.

Recent Posts

How can we help?

8 + 7 =

× How can I help you?