Indonesia Recovers from Major Ransomware Attack Affecting Over 160 Government Agencies

Indonesia is beginning to recover data encrypted in a major ransomware attack last month, which affected more than 160 government agencies. The attackers, identified as Brain Cipher, initially asked for $8 million in ransom to unlock the data before later apologizing and releasing the decryption key for free, according to Singapore-based cybersecurity firm StealthMole.

The cyber attack disrupted multiple government services, including immigration and operations at major airports. Indonesian officials acknowledged that the bulk of the data had not been backed up. Chief Security Minister Hadi Tjahjanto said in a statement late Thursday that data for 30 public services overseen by 12 ministries had been recovered using a 'decryption strategy,' without elaborating on the specifics.

'The communications ministry is using a decryption strategy to recover services or assets from ministries, state agencies, and the regional governments that are affected. We are handling this gradually,' the statement said. It remains unclear whether the government had used Brain Cipher's decryption key. Chief Security Minister Hadi Tjahjanto and Communications Minister Budi Arie Setiadi did not immediately respond to requests for comment.

Ransomware attackers use software to encrypt data and demand payment from victims to restore it. Indonesia reported that this attack employed malicious software known as Lockbit 3.0.

(With inputs from agencies.)