Indonesian President Joko Widodo has mandated a thorough audit of the nation’s government data centers following a significant ransomware cyberattack that disrupted numerous public services last week. The attack, the most severe in Indonesia in recent years, exposed critical vulnerabilities by affecting data that lacked proper backup.
The ransomware incident disrupted various government services, including immigration processes and operations at major airports, and impacted over 230 public agencies. Despite the attackers demanding an $8 million ransom for the encrypted data, the government has refused to make the payment.
In response, President Widodo instructed Indonesia’s state auditor to conduct a detailed examination of the country’s data centers. Muhammad Yusuf Ateh, head of the Development and Finance Controller (BPKP), announced that the audit would focus on governance practices and financial management of the data centers. This directive followed a cabinet meeting on Friday where the cyberattack’s implications were discussed.
Hinsa Siburian, head of the National Cyber and Crypto Agency (BSSN), revealed that 98% of the government data stored in one of the compromised data centers had not been backed up. “Generally, we see the main problem is governance and there is no backup,” Siburian stated in a parliamentary hearing on Thursday.
However, some lawmakers criticized the lack of data backup, with Meutya Hafid, chair of the commission overseeing the incident, calling it “stupidity” rather than a governance issue.
A spokesperson for BSSN did not immediately provide clarity on the potential recovery of the encrypted data. Meanwhile, Communications Minister Budi Arie Setiadi indicated that while the data centers had backup capabilities, the use of these services by government agencies was optional. He acknowledged that budget constraints led to the lack of mandatory data backup but affirmed that this would soon be made compulsory.
The cyberattack has sparked public outcry against the minister, with digital advocacy group SAFEnet launching a petition for his resignation, citing repeated failures to prevent such incidents. Budi, in response, referred to a counter-petition advocating for his continuation in office.
Minister Budi reported to parliament that the attack was likely carried out by a “non-state actor” seeking financial gain. The government expects to fully restore affected services by August. The attackers used an existing ransomware software known as Lockbit 3.0, which encrypts victims’ data and demands payment for its decryption.
The audit of data centers is expected to address these issues and enhance the security and resilience of Indonesia’s data infrastructure to prevent future incidents.
