The PDN ransomware incident and the Brain Cipher ransomware, which severely impacted the Indonesian government’s data center, serves as a critical example of the vulnerabilities faced by national infrastructure in the digital age.

On June 20, the Pusat Data Nasional (PDN), managed by the Indonesian Ministry of Communication and Information Technology (Kominfo), was struck by a ransomware attack. This breach disrupted services for 210 institutions across the country, notably affecting digital services for immigration. The inability to process visas, passports, and residence permits digitally led to significant delays and long queues at airports.

By June 24, operations began to return to normal, thanks to a swift migration of immigration data to Amazon Web Services (AWS). This emergency measure was completed within 12 hours, underscoring the immediate need for a robust contingency plan in the face of cyber threats.

Minister confirms the PDN ransomware attack

According to Tempo.co’s report, Indonesian Minister of Law and Human Rights, Yasonna Laoly, confirmed this temporary migration but did not specify if AWS would be a long-term solution, suggesting that the PDN might resume normal operations soon.

The attack has been attributed to a variant of the LockBit 3.0 ransomware, known locally as ‘Brain Cipher.’ This incident is regarded as one of the most severe cyberattacks on the Indonesian government since 2017, highlighting significant weaknesses in the country’s cyber infrastructure.

How did Brain Cipher ransomware work?

Brain Cipher ransomware, a variant of LockBit 3.0, was identified as the malicious software responsible for the PDN ransomware breach. Ransomware attacks like Brain Cipher typically encrypt data, rendering systems inoperable until a ransom is paid. In this case, hackers demanded $8 million (Rp131 billion) for the return of stolen data. The cyberattack not only disrupted immigration services but also exposed the fragility of Indonesia’s national data management systems.

According to Pratama Persadha, chairman of Indonesia’s Cybersecurity Research Institute, the disruption caused by this ransomware was extraordinary. It took several days to recover the system, revealing inadequacies in the handling of cyber infrastructure and server systems. Deputy Kominfo Minister Nezar Patria speculated that the hackers were likely foreign nationals, reinforcing the complexity and global nature of cyber threats.

Despite the severe impact, the Indonesian government chose not to pay the ransom. Instead, they focused on recovering and securing their systems, gradually beginning the process of data retrieval and system restoration.

The impact of Pusat Data Nasional Ransomware

The ransomware attack on the Pusat Data Nasional (PDN) had widespread implications for Indonesia’s digital infrastructure. Located in Bekasi, near Jakarta, the PDN facility was expected to be fully operational later this year, with additional centers planned for Batam and IKN Nusantara. This incident has raised critical questions about the security protocols and readiness of these data centers.

The immediate migration to AWS was a crucial step in restoring services, but it also highlighted the need for a more resilient and secure national data infrastructure. The government’s swift action to relocate data underscores the importance of having alternative plans and systems ready to deploy in the event of such attacks.

Reports indicate that the PDN facility is gradually recovering, and efforts are being made to retrieve and secure the data. This process involves not only technical recovery but also a comprehensive review of security practices to prevent future incidents. As Indonesia continues to develop its digital infrastructure, the lessons learned from this ransomware attack will be essential in shaping future policies and security measures.

What if?

If the current recovery efforts prove successful, it will reinforce the importance of having flexible and scalable solutions, such as cloud services, to mitigate the impact of cyberattacks. The experience gained from handling this incident can lead to improved cybersecurity protocols and stronger defenses against future threats.

On the other hand, the attack has already exposed significant vulnerabilities in Indonesia’s cyber infrastructure. Future developments must address these weaknesses to prevent similar disruptions. The incident has also highlighted the need for continuous monitoring and updating of security measures to keep pace with evolving cyber threats.

In the broader context, this attack underscores the global nature of cybersecurity challenges. Collaboration and information sharing among nations and cybersecurity experts can help build more robust defenses and reduce the risk of such incidents in the future.

The PDN ransomware attack has been a wake-up call for the Indonesian government, exposing critical vulnerabilities and prompting swift action to mitigate the damage.

The Brain Cipher ransomware incident on the other hand has demonstrated the need for robust cybersecurity measures and the importance of having contingency plans in place. As Indonesia continues to develop its digital infrastructure, the lessons learned from this incident will be vital in ensuring the security and resilience of its national data systems.

Featured image credit: Freepik

The day has come where big data is part of environmental activism fighting deforestation. Powered by Google Earth Engine, Global Forest Watch was launched in February by the World Resources Institute to facilitate a global fight against deforestation.  Users can look back at trends starting in 2000 and with parts of the map being updated close to every two weeks, hot spots in Indonesia and Brazil can be tracked.

“They log on, access all the data, and run their own algorithms,” David Thau, senior developer advocate for Google Earth Engine, says of the project.  With data drawn from a number of satellites, this program enables scientists to direct access information.  Having grown out of a variety of other projects, the researchers’ algorithms are what generates the extraordinary map following the deforestation, and have now scaled up to do this globally on an unprecedented scale.

According to Thau, Google Earth Engine eases and aids this big-data research.  With normal cloud computing researchers distribute computing tasks across the network.  Working with this program, researchers use a programming interface to enter  queries, which get ‘parallelized’ automatically.

The World Resources Institute is also giving the public access to this information and may be particularly useful in Indonesia.  With the pubic’s support, agribusiness campaigner Gemma Tillack is asking a number of large companies to only grow new plantations that are sustainable and not perpetuating forest loss.  What larger changes can be pushed forward when the public is given free access to the information remains to be seen.

(Image Credit:  Wagner T. Cassimiro)