LockBit in $8M Indonesia ransom demand


A cyber attacker has compromised Indonesia's national data center, disrupting immigration checks at airports, and asked for an $8 million ransom.

The attack disrupted several government services, most notably at airports last week, with long lines forming at immigration desks. Automated passport machines were now functioning, the country’s communications ministry said.

Minister Budi Arie Setiadi told Reuters that the attacker used a new variant of existing malicious software called Lockbit 3.0, without giving further details.

ADVERTISEMENT

The Lockbit cybercrime group is notorious for using malicious software called ransomware to digitally extort its victims.

"We are now focusing to restore the services of the affected national data centre such as immigration," Budi said. He did not say whether any ransom had been paid.

Ransom software works by encrypting victims' data. Hackers can offer a key in return for payments, typically to be made in cryptocurrency, that can run into the hundreds of thousands or even millions of dollars.

If the victim resists, hackers can then threaten to leak or delete confidential data in a bid to pressure the person or organisation.

Semuel Abrijani Pangerapan, an official at the communications ministry, said a digital forensics investigation is underway and further details have yet to be found.

The attack was the latest in a series of cyber-attacks to hit Indonesian companies and government agencies in the past few years.

Last year, the media reported that account details of 15 million customers of the country's biggest Islamic lender Bank Syariah Indonesia (BSI) were published online. The bank did not confirm its data had been leaked.

In 2022, Indonesia's central bank was attacked by ransomware but said the attack did not affect its public services. In 2021, a flaw in the health ministry's COVID app exposed the personal data and health status of 1.3 million people.

ADVERTISEMENT

A cybersecurity expert, Teguh Aprianto, said the latest cyber-attack was "severe" and the first to cause days-long disruptions to Indonesia's public services.

"It shows that the government infrastructure, manpower handling this and the vendors are all problematic," he said.