The cyber attack has interrupted the services of more than 200 government agencies, both nationally and regionally, since Thursday, said the director general of computer applications at the Ministry of Communications and Information Technology, Samuel Abrijani Pangerapan.
Some government services have returned -- immigration services at airports and elsewhere are now functional -- but efforts to restore other services, such as investment licensing, continue, Pangerapan told reporters on Monday.
The hackers restricted access to the data and offered an access key in exchange for paying a ransom of eight million dollars, said the director of network solutions and information technologies at PT Telkom Indonesia.
Herlan Wijanarko said the telecommunications company, in collaboration with domestic and foreign authorities, is investigating and trying to break the encryption that made the data inaccessible.
The Minister of Communication and Information Technology, Budi Arie Setiadi, told journalists that the government will not pay the ransom.
"We have tried our best to carry out the recovery while the [National Cyber and Cryptographic Agency] is currently carrying out forensic analysis," Setiadi added.
The head of the agency, Hinsa Siburian, said it had detected samples of the Lockbit 3.0 ransomware program.
Ransomware' is a type of malicious computer program that exploits a company's or individual's security vulnerabilities and threatens victims with the destruction or blocking of access to critical data or systems until a ransom is paid.
Indonesian Cyber Security Research Institute president Pratama Persadha said the current attack was the most serious in a series of 'ransomware' attacks that have targeted Indonesian government agencies and companies since 2017.
"The outage of the national data center and the number of days needed to recover the system means this 'ransomware' attack was extraordinary," Persadha said.
"This shows that our cyber infrastructure and its server systems were not being managed well," the expert added.
Persadha said an attack would not have been felt if the government had a good backup system that could automatically take control of the main data center server during a cyber attack.
In 2023, a platform that analyzes malicious activity in cyberspace, Dark Tracer, revealed that a group of hackers known as LockBit claimed to have stolen 1.5 terabytes of data managed by Indonesia's largest Islamic bank, Bank Syariah Indonesia.
