Cyber attack disrupts Indonesia's immigration, $8m ransom demanded
A cyber attacker compromised Indonesia's national data centre, disrupting immigration checks at airports, and asked for an $8 million ransom, the country's communications minister told Reuters on Monday.
The attack disrupted several government services, most notably at airports last week, with long lines forming at immigration desks. Automated passport machines were now functioning, the communications ministry said.
Minister Budi Arie Setiadi said the attacker used a new variant of existing malicious software called Lockbit 3.0, without giving further details.
The Lockbit cybercrime group is notorious for using malicious software called ransomware to digitally extort its victims.
"We are now focusing to restore the services of the affected national data centre such as immigration," Budi said. He did not say whether any ransom had been paid.
Ransom software works by encrypting victims' data. Hackers can offer a key in return for payments, typically to be made in cryptocurrency, that can run into the hundreds of thousands or even millions of dollars.
If the victim resists, hackers can then threaten to leak or delete confidential data in a bid to pressure the person or organisation.
Read also: Eruption of Indonesia's Mt Ibu forces seven villages to evacuate
Semuel Abrijani Pangerapan, an official at communications ministry, said digital forensics into investigation are underway and further details have yet to be found.
The attack was the latest in a series of cyber-attacks to hit Indonesian companies and government agencies in the past few years.
Last year, media reported that account details of 15 million customers of the country's biggest Islamic lender Bank Syariah Indonesia (BSI) (BRIS.JK) were published online. The bank did not confirm its data had been leaked.
In 2022, Indonesia's central bank was attacked by ransomware but said the attack did not affect its public services. In 2021, a flaw in the health ministry's COVID app exposed the personal data and health status of 1.3 million people.
A cybersecurity expert, Teguh Aprianto, said the latest cyber-attack was "severe" and the first to cause days-long disruptions to Indonesia's public services.
"It shows that the government infrastructure, manpower handling this and the vendors are all problematic," he said.