The recent ransomware attack against two Indonesian government owned data centers has revealed that most of the data stored did not have a backup.
An audit of government data centers has been ordered by Indonesian President Joko Widodo after it was found that one of the two data centers hit by the June 2024 attack did not backup 98% of its stored data.
Brain Ciper, a new version of the Lockbit ransomware, was used in the attack with the group responsible demanding 131 billion Rupiah (US$8 million) for the decryption key.
No intention to pay
Budi Arie Stiadi, Communication and Informatics Minister, said in a statement (via The Register) that the Indonesian government does not intend to pay, and is instead attempting to decrypt the data.
The attack targeted the Temporary National Data Center (PDNS) and took place on June 20th, with many digital services being interrupted by the ransomware attack.
In a further statement from Budi it was revealed that government agencies have the option to back up data on government datacenters, but many of them chose not to or were unable to do so due to budgetary constraints.
Vice president Ma’ruf Amin said that much of the damage was due to how centralized the networks of government agencies had become, stating “Once it was centralized, it turned out that once it was hacked, everyone was affected. I didn’t think hacking was so devastating in the past.”
Responding to the lack of backups on government data centers, Chair of the First Commission of the People’s Representative Council, Meutya Hafid, said, “This is not a governance issue, it’s a stupidity issue to have national data without a single backup.”
More from TechRadar Pro
These are the best cloud backup and best cloud storage solutionsDon’t blame Slack for training its AI on your sensitive dataTake a look at our guide to the best ZTNA solutions