A recent ransomware cyberattack has revealed significant gaps in the Indonesian government’s data backup practices, officials admitted, highlighting a lack of preparedness in Southeast Asia’s largest economy.
The cyberattack, which occurred last week, is the most severe the country has faced in recent years and has disrupted numerous government services, including immigration and major airport operations.
More than 230 public agencies, including various ministries, were impacted by the attack. Despite this, the government has refused to pay the $8 million ransom demanded to decrypt the compromised data.
Hinsa Siburian, the head of Indonesia’s cyber security agency (BSSN), stated that 98% of the government data stored in one of the affected data centres had not been backed up.
He pointed out that the main issue was governance and the absence of backup protocols during a parliamentary hearing on Thursday.
Meutya Hafid, the chair of the commission overseeing the incident, criticized the lack of data backups, calling it “stupidity” rather than just poor governance.
A spokesperson for BSSN did not immediately respond to inquiries about the possibility of recovering the encrypted data.
Indonesia’s Communications Minister, Budi Arie Setiadi, noted that while backup capacity was available at the data centers, it was optional for government agencies to use it.
He attributed the lack of data backups to budget constraints but mentioned that this would soon become mandatory.
The cyberattack has led to widespread criticism of Minister Budi on Indonesian social media.
Digital advocacy group SAFEnet launched a petition demanding his resignation due to his perceived lack of accountability for repeated cyber attacks.
In response, Budi sent Reuters a separate petition calling for his continuation as minister.
Addressing the parliament, the minister suggested that a “non-state actor” seeking financial gain was behind the attack and assured that government services should be fully restored by August. The attackers used Lockbit 3.0, a known ransomware software, to encrypt the data.
Ransomware attacks typically involve software that encrypts data, with attackers demanding payment to restore access.
Indonesia’s response to this incident has underscored the urgent need for improved cyber security and data management practices.
