Deputy Minister of Communication and Informatics Nezar Patria said on Wednesday, June 26, 2024, that data belonging to 282 ministries, institutions and regional administrations and kept in the Temporary National Data Center has been affected by a ransomware attack.
The government has so far managed to recover the data of 44 central and regional government institutions because they have relatively good data backups, while the data of the other 238 government entities is still under monitoring.
“God willing, most of them are not affected. We hope that the recovery can be faster,” Nezar said on Wednesday, June 26, 2024.
The National Cyber and Crypto Agency (BSSN) told a press conference on Monday that a new variant of ransomware was used in the June 20th cyberattack on two temporary National Data Center (PDN) facilities, which had affected databases managed by more than 200 central and regional institutions.
The recovery, Nezar Patria said, is being done through data migration because the ransomware encrypted or locked the existing data and files. At the same time, the intruder holds the key to the encrypted data.
“If we want to open the data, we have to pay ransom, that’s the logic. We didn’t pay the ransom, but we took mitigation steps to save the data,” he said.
After saving the data, the government will carry out the data migration using the backed-up data.
According to Nezar, a ransomware attack can penetrate the national data center system in various ways. Some attacks are carried out deliberately by people.
Someone inserted a flash disk or something that can inject ransomware or malware into the system.
Malware and ransomware can also spread through links and other apps that have been infected.
“Now this is being audited by the National Cyber and Crypto Agency (BSSN). The agency has identified the route where the ransomware entered the system. So for the time being, it is suspected that it entered through one endpoint. We are assessing where the hole is,” Nezar said.
He said that the majority of the data encrypted by the attacker is public service data, while the top secret data is safe because it was kept on separate servers.