JAKARTA – Indonesia announced it has started recovering data that was encrypted during a significant ransomware attack last month, which impacted over 160 government agencies.
The cyberattackers, identified as Brain Cipher, initially demanded an $8 million ransom to unlock the data. However, they later apologized and provided the decryption key for free, according to Singapore-based cybersecurity firm StealthMole.
The attack caused disruptions across several government services, including immigration and operations at major airports. Indonesian officials have admitted that most of the affected data had not been backed up.
Chief Security Minister Hadi Tjahjanto stated late Thursday that data for 30 public services managed by 12 ministries had been recovered using a “decryption strategy,” though he did not provide further details. “The communications ministry is using a decryption strategy to recover services or assets from ministries, state agencies, and regional governments that are affected. We are handling this gradually,” the statement said.
It remains unclear whether the government utilized Brain Cipher’s decryption key. Both Hadi and Communications Minister Budi Arie Setiadi did not respond to requests for comment.
Ransomware attackers employ software to encrypt data and then demand payment from victims to restore access. Indonesia reported that this attack involved malicious software known as Lockbit 3.0.