Indonesian president orders audit of data centers hit by cyberattack

JAKARTA: Indonesian President Joko Widodo on Friday (June 28) ordered an audit of government data centres after officials said much of the data was compromised. Recent ransomware cyberattacks The lack of support exposed the country’s vulnerability to such attacks.

Last week’s cyberattack was Indonesia’s worst in recent years, disrupting several government services including the immigration department as well as operations at the main airport.

The government said more than 230 public institutions, including ministries, were affected, but it refused to pay the $8 million ransom demanded to restore the encrypted data.

In response to the cyberattack, Indonesia’s auditor general said the president had instructed him to inspect the country’s data centers.

The audit will cover “governance and financial aspects,” Indonesia’s director general for development and finance, Muhammad Yusuf Ateh, said after attending a cabinet meeting chaired by Widodo on Friday.

Hinsa Siburian, chairman of Indonesia’s cybersecurity agency BSSN, said 98% of government data stored in one of the two compromised data centers was not backed up.

“Overall we think the main problem is governance and there is no support,” he told a parliamentary hearing late on Thursday.

Some lawmakers rejected that explanation.

“If there is no backup, it’s not a lack of governance,” said Meutya Hafid, the head of a committee overseeing the incident. “It’s stupidity.”

A BSSN spokesman did not immediately respond when asked if it was possible to recover the encrypted data.

Indonesian Communications Minister Budi Arie Setiadi said the ministry has spare capacity in data centers but government agencies can choose whether to use the service.

He said government agencies were not backing up data due to budget constraints, adding that this would soon become mandatory.

The cyberattack triggered criticism of the minister on Indonesian social media.

Digital advocacy group SAFEnet launched a petition calling for Budi to resign, arguing that he was not responsible for multiple cyber attacks.

When asked to comment on the calls for his resignation, Budi sent Reuters a separate petition calling on him to remain in his ministerial post.

The minister told parliament that a “non-state actor” seeking money was believed to be behind the attack and that government services should be fully restored by August.

Ransomware attackers use software to encrypt data and demand that victims pay to recover it. Indonesia said the attackers in this incident used an existing malware called Lockbit 3.0.