Minister of Communication and Information Budi Arie Admits Cyber Attack on PDN Began With Efforts to Disable Windows Defender, Here's the Chronology

JAKARTA - Minister of Communication and Information Budi Arie Setiadi explained the chronology of the cyber attack on the National Data Center (PDN). The attack, in the form of ransomware, was first detected on June 17, 2024.

"So the identification of the first disturbance occurred at PDNS (Temporary National Data Center) 2 in Surabaya, in the form of a cyber attack in the form of ransomware called Brain Cipher Ransomware," Budi Arie said at the Commission I Working Meeting of the DPR RI with the Minister of Communication and Information and the Head of the National Cyber and Crypto Agency (BSSN) at the DPR RI, Jakarta, on Thursday, June 27, as quoted by Antara.

"The ransomware Pascape was found to be an attempt to disable Windows Defender security features starting June 17, 2024 at around 23.15 WIB, which allows malicious activities to operate," he continued.

Budi Arie explained that ransomware is a type of malicious software that prevents users from accessing a system, either by locking the system screen or by locking the user's files, until the ransom is paid.

He said in the attack on PDNS 2, the hackers demanded a ransom of 8 million US dollars or around Rp. 131 billion.

He said malicious activity began on June 20, 2024 at 00.54 WIB, including the installation of malicious files, the deletion of important system files, and the disabling of running services.

At 00.55 WIB on the same day, Windows Defender was found to have crashed and could no longer operate.

As of June 26, 2024, the attack had affected PDNS 2 services, disrupting 239 user agencies. Among them, 30 ministries/agencies, 15 provinces, 148 districts, and 48 cities were directly affected.

However, 43 agencies were not affected because their data was only stored as a backup in PDNS 2. These consist of 21 ministries/agencies, one province, 18 districts, and three cities.

"The institutions that have succeeded in recovering services are the Kemenkomarves (namely) licensing services for events, the Ministry of Law and Human Rights (namely) immigration services, LKPP (namely) SIKAP services, the Ministry of Religion (namely) Sihalal, and the City of Kediri; this is for digital ASN," said Budi Arie.

Based on the impact analysis, Budi Arie said the attack was categorized at the "critical" and "major" levels. At the critical level, the impact includes total or partial disruption of main functions, data loss, and inaccessible virtual machines (VMs).

At the critical level, service and financial impact can also occur, with all roles affected.

Meanwhile, at the major level, although one feature failed, this did not affect the service or application; however, application performance declined and the impact was felt by many tenants.