Indonesian Government Data Centers Hit by Recent LockBit Hack Didn’t Have Backup

• The Temporary National Data Center in Indonesia was recently hit by a new LockBit malware strain.
• The Brain Cipher ransomware attack compromised two data centers, one of which didn’t have almost any data backed up.
• The security incident caused massive disruptions, and the government promised to revise the nation’s cybersecurity approach. 

On June 20, the Temporary National Data Center (PDNS) in Indonesia suffered a security incident that massively disrupted official digital services from approximately 200 institutions. This incident revealed that most of the data stored by government data centers is not backed up. Now, Indonesia’s president, Joko Widodo, has ordered an audit of government data centers.

The head of the National Cyber and Encryption Agency (BSSN), Hinsa Siburian, admitted no backup was made for 98% of the data stored in one of the two compromised data centers. 

Backup is available to government agencies using these data centers, but backing up data is optional, and most agencies do not use it due to budget constraints. However, backup is most likely to become mandatory for Indonesian agencies in the future.

The cybercriminals deployed a fresh variant of the LockBit malware known as Lockbit 3.0, Brain Cipher. They want 131 billion Rupiah (US $8 million) in ransom for the exfiltrated data. 

Communication and Informatics Minister Budi Arie Setiadi said the government does not intend to pay, and authorities are attempting to decrypt the data. Several public services, such as immigration services and those under the Coordinating Ministry for Maritime Affairs and Investment, are on their way to being restored.

The same malware was previously used in the attack targeting Bank Syariah Indonesia (BSI), according to government officials. However, these attacks haven't been attributed to any threat actor so far.