Indonesia’s national data center faced a significant cyberattack, disrupting immigration checks at airports and resulting in a demand for an $8 million ransom, the country’s Communications Minister revealed on Monday.
The breach caused considerable disruptions to government services, particularly at airports, where long lines formed at immigration desks. Automated passport machines have since been restored, according to the communications ministry.
Minister Budi Arie Setiadi disclosed that the attacker employed a new variant of the Lockbit 3.0 ransomware but provided no further details. The Lockbit cybercrime group is infamous for using ransomware to extort victims by encrypting their data and demanding payment for a decryption key.
“We are now focusing on restoring services at the affected national data center, including immigration,” Budi stated. He did not comment on whether any ransom had been paid.
Ransomware encrypts victims’ data, and hackers typically demand payment in cryptocurrency, which can amount to hundreds of thousands or even millions of dollars. If the victim refuses to pay, hackers often threaten to leak or delete the confidential data to apply pressure.
Semuel Abrijani Pangerapan, an official at the communications ministry, reported that digital forensic investigations are ongoing, with further details yet to be uncovered.
Also Read: Airbus Showcases Innovative Automated Taxing System at VivaTech (2024)
This attack is the latest in a series of cyberattacks targeting Indonesian companies and government agencies in recent years. Last year, media reports indicated that the account details of 15 million customers of the country’s largest Islamic lender, Bank Syariah Indonesia, were published online. However, the bank did not confirm any data leak. In 2022, Indonesia’s central bank faced a ransomware attack, though it did not impact public services. In 2021, a vulnerability in the health ministry’s COVID app exposed the personal data and health status of 1.3 million people.
Cybersecurity expert Teguh Aprianto described the recent cyberattack as “severe,” noting that it was the first to cause days-long disruptions to Indonesia’s public services.