Indonesian government says national data center was hit in ransomware attack - but it won't pay up

A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted."
(Image credit: Getty Images)

The government of Indonesia has suffered a ransomware attack that crippled many of its organizations and caused quite a nuisance for its citizens - but says it won't be held to ransom

Government officials confirmed its National Data Center (PDN) was struck on June 20, with the attack apparently organized by an affiliate of LockBit, with the encryptor used was LockBit 3.0, with some saying the variant’s name is Brain Cipher. 

At least 210 national institutions were affected by the incident, The Register reported, citing local media, including the nation’s immigration office, which led to problems in issuing passports, visas, residence permits, and similar - leading to long lines at airports around the country.

Not paying up

Remedying a ransomware attack can be done in two ways - either the victims pay up and (hope to) get the decryption key which allows them to resume operations, or they restore an airgapped backup and then negotiate about stolen files.

The country’s officials didn’t say if the ransom had been paid or not. The attackers asked for roughly $8 million in cryptocurrency.

Besides Business Email Compromise (BEC), ransomware remains one of the most destructive and disruptive cyberattack methods out there. Hundreds of hacking collectives are buying access to important institutions from initial access brokers, and then renting out ransomware encryptors from different ransomware-as-a-service providers, such as LockBit. 

They then proceed to exfiltrate sensitive data from the victims, before encrypting all files. That way, should the victims restore their systems from a backup, the attackers would still have sensitive data which they can threaten to release online unless a payment is made. 

Via The Register

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.