July 11, 2024
JAKARTA – As public anger over the failure to prevent the ransomware attack on a temporary national data center facility in late June starts to wane, experts and civil groups have urged the government to be transparent about its progress in recovering the impacted databases.
Nearly a month has passed since the ransomware attack on the facility in Surabaya, East Java, that disrupted hundreds of services connected to the server. The attack affected the databases of 282 central government and regional institutions, with only 43 of which having backed up their data.
The attackers used a new ransomware type Brain Cipher to infiltrate the system and encrypt the data, effectively making it inaccessible to anyone but the hackers, and they demanded a ransom of US$8 million to return control to the government.
But the hackers then released a decryption key on the dark web for the government to unlock the encrypted data.
The Communications and Information Ministry tested the key and found that it could unlock certain encrypted information, according to then informatics applications director general Semuel Abrijani Pangerapan last week.
However, no further updates have been provided by the government since then.
Of all 282 affected institutions, only five have restored their databases, according to the latest update in late June.
The stagnation has led cybersecurity groups and experts to urge the government to be more transparent about the recovery process, regardless of whether progress has been made or not.
“If the government knew what is called crisis management, they would have provided a weekly update, packaged in a language understood by the public so they can have a little peace of mind,” Ardi Sutedja of the Indonesia Cybersecurity Forum (CSF) said on Tuesday.
Ardi said the government owed the public all updates as the attack had compromised personal data stored in the data center.
Cybersecurity expert Alfons Tanujaya from the Indonesian Information and Communication Technology (ICT) Business Association (Aptiknas) said the decryption key should effectively speed up the recovery.
“With all the help it got, the government should have no problem making a full recovery [of data] in a week or two. I don’t understand why it has taken this long,” Alfons said on Wednesday.
Before the hackers released the key, Communications and Information Minister Budi Arie Setiadi said his office and the National Cyber and Crypto Agency (BSSN) aimed to recover all affected databases by the second week of August.
The ministry and the BSSN did not respond to The Jakarta Post’s inquiry on how the current recovery process was going.
In a public discussion held by the Indonesian Internet Providers Association (APJII) on Tuesday, the association’s chair Muhammad Arif spoke about the need to also bolster the country’s cybersecurity talent to prevent future incidents.
“I think there is a human aspect that factors into why a cyberattack could hit the temporary national data center. That’s why we need to focus on the people operating the [centers] in the future and train the country’s talents [for the job],” he said.
The ministry’s acting informatics applications director general Ismail said the government was trying to build better cybersecurity for permanent data centers, which are currently under construction, and that the centers would hire “officials who are professional in their fields”.