The attackers, identified as Brain Cipher, asked for US$8 million (S$10.7 million) in ransom to unlock the data, before they later apologised and released the decryption key for free, according to Singapore-based cyber-security firm StealthMole.
The attack disrupted multiple government services, including immigration and operations at major airports. Indonesian officials have acknowledged that the bulk of the data had not been backed up.
Coordinating Political, Legal and Security Affairs Minister Hadi Tjahjanto said in a statement late on July 11 that data for 30 public services overseen by 12 ministries had been recovered using a “decryption strategy”, without elaborating.
“The Communications and Information Ministry is using a decryption strategy to recover services or assets from ministries, state agencies and the regional governments that are affected. We are handling this gradually,” the statement said.
It was not immediately clear if the government had used Brain Cipher’s decryption key. Mr Hadi and Communications and Information Minister Budi Arie Setiadi did not immediately respond to requests for comment.
Ransomware attackers use software to encrypt data and demand payment from victims to restore the data. Indonesia said this attack used malicious software called Lockbit 3.0.
Reuters