The Indonesian government has admitted its national datacenter was hit by ransomware criminals, disrupting some of the country's services.

The datacenter in question, operated by Indonesia's Ministry of Communication and Information Technology (Kominfo) and termed the National Data Center or Pusat Data Nasional (PDN), was compromised on June 20, the government said during a press conference on Monday. The country's communications minister also confirmed details with newswire Reuters earlier today.

With the PDN locked down, at least 210 institutions have been affected and some of Indonesia's services have been significantly disrupted, reports local paper Tempo. Most notably, digital services for immigration were shut down, impacting how quickly the country could process visas, passports, and residence permits. This led to long lines at airports, but Indonesia says this is now under control and automated passport scanners are back online.

Online registration for new students has also been unavailable in some regions, prompting local governments to extend the registration window.

The ransomware that seized the PDN is apparently a variant of LockBit 3.0, with local reports quoting officials as saying it was a variant called Brain Cipher. Broadcom identified this particular strain just over a week ago, calling it a double extortion ransomware that exfiltrates and then encrypts stolen data.

Indonesia's comms minister told reporters the attackers demanded a ransom of 131 billion Rupiah ($8 million), but the national resource rich country's government hasn't said whether it plans to pay up.

To put that sum in context, Indonesian president Joko Widodo last month ordered government officials to stop developing new applications after local governments requested Rp 6.2 trillion ($386.3 million) in the budget for the development of new applications in this year alone. According to the president, Indonesia's central and regional governments together operate a fleet of 27,000 apps, many of which overlap or aren't integrated. ®

https://www.theregister.com//2024/06/24/indonesia_datacenter_ransomware/