Indonesia’s cybersecurity is at a critical juncture. The recent attack by Brain Cipher crippled service and compromised data at more than 200 government agencies.¹ The ransomware used in the attack is believed to be linked to the notorious LockBit 3.0 group.¹ This poses a pivotal challenge given their previous ransomware attacks in various countries, including the Philippines and Malaysia. As reported by ANTARA news agency, the government has restored 86 public services across 16 state institutions following a cyberattack on the Temporary National Data Centre (PDNS) 2 on 20 June.² As of 12 July, the government was still struggling to recover data stored in the temporary national data center in East Java.¹

Cybersecurity expert Alfons Tanujaya cited inadequate maintenance as a contributory factor to the seriousness of the attack.¹ He emphasized that any lack of discipline in website maintenance can trigger attacks.¹ Security gaps should be regularly maintained and updated, as leaving them unpatched can lead to hacks and defacement.

Moreover, according to Monash University, ransomware attacks can be prevented by ensuring that proper and well-prepared cybersecurity measures are in place.³ Firstly, all crucial data should be backed up regularly and stored in a separate location to minimize data loss.³ Backups should be encrypted and routinely tested to ensure they can be correctly restored. Secondly, introducing redundancies to reduce the risk of total system failure is vital.³ Redundancies could include dual hardware, cloud storage, or backup servers ready to operate if the primary system fails. Thirdly, establishing a Data Recovery Center (DRC) that can operate immediately if the main system is disrupted is essential.³ The DRC should have infrastructure equal to or better than the main system to ensure seamless operations.

IMPLICATIONS:

From a business perspective, the ransomware attack constituted a massive negative impact by disrupting the applications and data essential for workers and business. As one example among many, the certification approval process for construction workers was halted, leading to disruptions in the construction workers’ information system.⁴ Additionally, e-Simpan, an application that stores data on thousands of workers, was locked by the ransomware, causing further problems for the affected workers.⁴ This has been a major wake-up call for the Indonesian government and all stakeholders will be looking to government officials and agencies to resolve current matters and future-proof the country’s digital architecture. 

^[1]Maulida, Erwida, and Damayanti, Ismi, (2024), “Indonesian cyberattack signals growing threat in Southeast Asia,” Nikkei Asia, July 15. Retrieved: https://asia.nikkei.com/Spotlight/Cybersecurity/Indonesian-cyberattack-signals-growing-threat-in-Southeast-Asia
^[2]The Star, (2024), “Indonesia restores 86 public services after recovering from cyberattack on its National Data Centre,” The Star, July 14. Retrieved: https://www.thestar.com.my/aseanplus/aseanplus-news/2024/07/14/indonesia-restores-86-public-services-after-recovering-from-cyberattack-on-its-national-data-centre
^[3]Monash University, (2024), “National Security Alert: Analyzing Ransomware Attacks and Preventative Measures,” Monash University, June 25. Retrieved: https://www.monash.edu/indonesia/news/national-security-alert-analyzing-ransomware-attacks-and-preventative-measures
^[4]Alifia, Okti, and Nugraheni, Mutia, (2024), “Serangan Ransomware ke PDN Ternyata Berdampak ke Bisnis Jasa Konstruksi,” Dream.co.id, July 2. Retrieved: https://www.dream.co.id/dinar/serangan-ransomware-ke-pdn-ternyata-berdampak-ke-bisnis-jasa-kontruksi-158626-mvk.html?screen=5