Indonesian President orders audit of data centres after cyber attack

JAKARTA – Indonesian President Joko Widodo on June 28 ordered an audit of government data centres after officials said the bulk of data affected by a recent ransomware cyber attack was not backed up, exposing the country’s vulnerability to such attacks.

Last week’s cyber attack, the worst in the country in recent years, disrupted multiple government services, including those of immigration and operations at major airports.

The Indonesian government has said more than 230 public agencies, including ministries, had been affected, but has refused to pay a US$8 million (S$11 million) ransom demanded to retrieve the encrypted data.

Responding to the cyber attack, Indonesia’s state auditor said the Indonesian President instructed it to examine the country’s data centres.

The audit would cover “governance and the financial aspect”, said Mr Muhammad Yusuf Ateh, who heads Indonesia’s development and finance controller, after attending a Cabinet meeting led by Mr Widodo on June 28.

Mr Hinsa Siburian, an official who chairs Indonesia’s cyber security agency known by its acronym BSSN, said 98 per cent of the government data stored in one of the two compromised data centres had not been backed up.

“Generally, we see the main problem is governance, and there is no backup,” he told a parliamentary hearing late on June 27.

Some lawmakers dismissed the explanation.

“If there is no backup, that is not a lack of governance,” said Ms Meutya Hafid, the chair of the commission overseeing the incident. “That is stupidity.”

A BSSN spokesperson did not immediately respond when asked whether it would be possible to recover the encrypted data.

Mr Budi Arie Setiadi, Indonesia’s Communications Minister, said the ministry had backup capacity at the data centres, but it was optional for government agencies to use the service.

He said government agencies did not back up the data due to budget constraints, adding this would soon be made mandatory.

The cyber attack has sparked criticism of the minister on social media in Indonesia.

Digital advocacy group SAFEnet started a petition calling for Mr Budi’s resignation, citing his lack of responsibility over repeated cyber attacks.

Mr Budi sent Reuters a separate petition calling for him to stay on as minister when asked for comment on calls for him to resign.

The minister told the Indonesian Parliament that a “non-state actor” seeking money was believed to be behind the attack, and that government services should be fully restored by August.

Ransomware attackers use software to encrypt data and demand payment from victims for restoring the data.

Indonesia has said the attacker in this particular incident used an existing malicious software called LockBit 3.0. REUTERS