Cyber Incident Victim: Indonesia's National Data Center
Date:
Jun 2024
Location:
Indonesia
Summary
A cyberattack compromised Indonesia's national data center, with hackers deploying Lockbit 3.0 ransomware and demanding an $8 million ransom, which authorities refused to pay. The breach disrupted operations across over 200 government agencies, initially affecting critical services including immigration and investment licensing; while airport immigration functions have been restored, recovery efforts continue for other systems. PT Telkom Indonesia and cybersecurity agencies are collaborating to break the encryption holding data hostage and conducting forensic investigations to mitigate the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 20, 2024, Indonesia’s national data center suffered a cyberattack that compromised government systems and disrupted critical public services. The attack, attributed to a ransomware group, encrypted data and rendered it inaccessible, affecting operations across more than 200 national and regional government agencies. The hackers demanded an $8 million ransom in exchange for a decryption key to restore access to the held data. Indonesian authorities, including Communications and Informatics Ministry official Samuel Abrijani Pangerapan, confirmed the incident’s widespread impact, noting significant interruptions to essential services such as immigration processing and investment licensing. While airport immigration functions were later restored, other services remained partially or fully offline during the initial recovery phase. PT Telkom Indonesia’s network director Herlan Wijanarko clarified that the attackers specifically targeted data availability through encryption rather than exfiltrating information. The government, led by Communication and Informatics Minister Budi Arie Setiadi, publicly refused to pay the ransom, emphasizing efforts to recover systems independently.
Response actions included coordinated investigations by PT Telkom Indonesia, domestic cybersecurity agencies, and international partners to reverse the encryption and restore data access. The National Cyber and Crypto Agency (BSSN), under Hinsa Siburian, identified Lockbit 3.0 ransomware samples in forensic analysis, confirming the malware variant used in the attack. Recovery operations prioritized reactivating high-priority services like immigration controls while continuing work on other affected systems, including investment permit platforms. No data theft or secondary exploitation was reported, as the incident primarily disrupted service availability through encryption. Government statements provided no specifics on the attack’s initial vector or duration of full recovery efforts but confirmed ongoing forensic work to determine the breach’s scope and origin. The incident marked one of Indonesia’s most severe cyber disruptions, highlighting vulnerabilities in critical national infrastructure.