Indonesia’s Worst Cyber Attack Exposes Critical IT Policy Failures

Indonesia recently faced its worst cyber attack in years, exposing critical weaknesses in the country’s IT policy. The ransomware attack, which occurred on June 20, targeted Indonesia’s Temporary National Data Center (PDNS) and used the LockBit 3.0 variant, Brain Cipher. This malware not only extracts but also encrypts sensitive data on servers. The attacker demanded an $8 million ransom, which the Indonesian government has stated it does not intend to pay. 

One of the most alarming aspects of this attack is that almost none of the data in one of the two affected data centers was backed up, rendering it impossible to restore without decryption. This oversight has significantly disrupted operations across more than 230 public agencies, including key ministries and essential national services such as immigration and major airport operations.

In response to the attack, Indonesian President Joko Widodo ordered a comprehensive audit of the country’s data centers. Muhammad Yusuf Ateh, head of Indonesia’s Development and Finance Controller (BPKP), stated that the audit would focus on both governance and the financial implications of the cyberattack. 

An official from Indonesia’s cybersecurity agency revealed that 98% of the government data stored in one of the compromised data centers had not been backed up, despite the data center having the capacity for backups. Many government agencies did not utilize the backup service due to budget constraints.

The cyberattack has sparked calls for accountability within the governmen

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.