JAKARTA - Cyberattacks on the Provisional National Data Center (PDNS) 2 based in Surabaya on June 20, 2024 have paralyzed public service systems in a number of government agencies and institutions. The impact of the attack was felt for the first time by immigration services at international airports throughout Indonesia.
Initially, immigration suspected that the disruption to the immigration system was due to technical and network problems. The access to services for crossings was known to suddenly cannot be opened either by immigration officers or by passengers who want to access immigration national data. Immigration services such as making passports and others that day suddenly stopped. Likewise, airport crossing inspection services did not work, so there was a buildup of passengers at a number of airports.
According to Silmy Karim, Director General of Immigration, his party stated that there was a disruption to the immigration service system, on Thursday morning at 4.30 WIB. Initially, his party suspected that the disturbance was related to technical and network. His party had contacted the Technical Directorate of IT Immigration to deal with the problem. According to him, immigration is a government institution that relies heavily on technology and has transformed using digital technology. So that all services rely on technology, the existence of disturbances is a immigration service immediately paralyzed.
However, until 06.00 am Silmy checked the PDN, where the immigration service data system has been integrated into one roof within the National Data Center, there has been no confirmation whatsoever. So he started to temporarily order his officers to use services manually to serve passengers who have started to build up at a number of airports, especially international airports, which started their activities in the early hours of the morning. "To encourage smooth service manually, I deployed assistance personnel," Silmy told reporters at a press conference in Jakarta.
However, for up to 6 hours directly, there has been no improvement. There is also no information whatsoever. Later obtained information from the National Data Center PDN), there was a cyber attack on the National Data Center on the server in Surabaya as well as information obtained at the lower officer level. There is no official information from the official. It is known that Indonesia has a server for the National Data Center at several locations. Apart from Surabaya, it is also in Batam. Meanwhile, the other two in Karawang and at IKN are still in the construction process. So it was confirmed that there was a disturbance in the national data system, on Thursday afternoon.
SEE ALSO:
Ending it Silmy decided with the permission of the Minister of Law and Ham as his superior, deciding to migrate his data by renting servers elsewhere.
Silmy considers that immigration services cannot wait, especially crossing services. He understands very well that Ransome is the type of attack whose repairs take a while. So he decided to immediately move the service server to immigration elsewhere. Incidentally, the Director General of Immigration still has a back up of data at the immigration data center from the Immigration Data Center (Pusdakim) which they previously owned.
That's why the Director General of Immigration became the agency that recovered the fastest when PDN was paralyzed due to hecker's attack. Where the results of the forensic audit were later discovered that PDN was attacked by the Brain Chiper Ransome malware which was still a derivative of malware from Loc Bit 3.0.
Unwavered Repeated Warning
According to the spokesman for the National Cyber and Crypto Agency (BSSN) Ariandi Putra, PDN which is stored on the PDN Server Meanwhile, Surabaya was confirmed to have experienced and received a hacker attack on June 20 morning, at around 00.45 WIB. By the Brain Chiper Ransome malware, which is the latest derivative of Lot bit 3.0.
Ariandi explained that from the results of the BSSN forensic audit, it was known that based on the cyber attack timeline starting on June 17, there had been an attempt to deactivate the window developer installed on the server at PDN 2 Surabaya. Furthermore, on June 20 at 00.54 WIB, it was found that transsius activity entered the server system, there was an effort to remove important data, followed by the malfunction of a number of important files.
At that hour it was known that Ransome's attack began infecting a number of data at that time allegedly a Ransomware attack came in. According to Ariandi, there was an important file deletion in the process. This became the previous point of the spike, finally the ransomware paralyzed by locking/encrypting several systems on the PDN server while in Surabaya.
One of the services that uses the National Data Center and the first to report the failure of the Data Center is immigration. Because they used the data facility for almost 24 hours.
According to CISSReC cybersecurity and Communications expert Pratama Persada, ransomware is a weapon system that hackers use to attack cyber. A loc group of 3.0 bits called Brain Chiper is associated with the latest variant malware, which is resistant and has adapted to antivirals. Brain Chiver turns out to be also undetected by antivirus/antimalware so that it can enter undetected. When it enters, it is destructive if it enters the computer system, all of them are encrypted, their encryption is relatively very high.
This type of loc bit is very productive in piracy in various bonafit entities, both business entities, especially large companies and other entities, such as the government. Lately, they like to attack government entities with a fairly high ransom demand with crypto-type currencies.
Brain Chiper Ransome, a new Ransome that concerns the victim's file and will ask for a ransom, in the form of bitcoin. In the case of hacking the National Data Center, the hakers had asked for a ransom of USS 8 million, or the equivalent of 131 billion (exchange rate of 16,457), the Minister of Communication and Information Budi Ari acknowledged to reporters. However, until yesterday the Kominfo refused to give the ransom. From information from many sources, it is known that Ransome's traces of this type had been identified in many cases of attack, including in March 2024 they stole data from the Chinetics Pharmaceuticals company asking for a cut-off of 4 million US dollars. In October 2023 Brain chipper Ransomware, also committed data theft, belonging to the Oe Federal Credit Union 1.13 terabyte, detected by the Noescape group. In February 2023, Chiper Ramshower stole personal data belonging to students and alumni of virginia unions were stolen.
Ransomware variant Lock Bit 3.0. is suspected to be the ransomware that was the perpetrator of data breach of 1.5 TB customer data at Bank Syariah Indonesia (BSI) including 15 million user data and passwords for internal and service access, in May last year. Ransome, which is thought to have come from a group from eastern Europe, and the former Soviet Republic and Russia.
Ransomware Lock Bit, formerly known as the ABCD ransomware, was detected as starting to activate in September 2091. They operate in the United States, China, India, Indonesia, and Ukraine also in countries across Europe including France, Britain and Germany. They have recordedly attacked Argentine electricity company Group Albanesi, SRF's chemical business and more than 200 CEFCO stores in the southern state of the United States.
According to Sukamta, a member of Commission III of the DPR from the PKS faction, said this cyber attack was a national disaster. "This is not the first case and has been repeatedly warned, including those who will carry out the attack." Already heard rumors from various parties that there would be attacks by various parties, but there was no attempt to anticipate from the Indonesian government." Sukamta said to the media.
Minister of Communications and Informatics, Budi Ari in a working meeting before Member of Commission III of the House of Representatives explained the consequences of cyber attacks against PDN Meanwhile 2, said a total of 239 agencies and institutions were affected; with details of 30 ministries/Institutions, 15 provincial governments, 158 district governments, 48 city governments. Meanwhile, only 48 agencies/institutions, and local governments were declared unaffected. Meanwhile, the institutions that were declared to have recovered from the incident were the Director General of Immigration and the city of Kediri, the Coordinating Ministry for Maritime Affairs and the Ministry of Religion. However, 200 agencies were declared missing or damaged, only 44 agencies could be recovered. Minister of Communication and Information Budi Ari targets that mid-August 2024 PDN is expected to recover.
In the case of the Temporary PDN hack, Forensic Digital Expert Rubi Alamsyah assessed that there were two errors in the management of the PDN. First, there is no optimization of security monitoring, so an infiltration cannot be detected and lock the data. Second, there is no backup system, it looks like the PDNS is not secure by design.
However, Ruby Alamsyah, still believes that the perpetrators do not have the data in PDN, according to her, the perpetrators seem to have not had time to copy the data, so it is suspected that they do not have the data. We hope that the perpetrators only lock and encrypt not having time to copy the data. "Because such a large amount of data takes a long time to move it, but indeed the concept is only to take data/lock down. The perpetrator is thought to only send malwers randomly to various places, who opened the email/web affected by the virus infection".
According to Rubi, until now he is still confident that the data was not accessed by the perpetrators. Rubi, who has handled many cases of victims of the Ransome malware attack, can understand cybercrime behavior. So far, they are honest, if they are redeemed, they are lucky, or if not, the data will be released.
A Number Of Public Services Affected
However, although they were not willing to pay the hecker ransom. However, the public is certain to suffer losses due to the attack. One of the services that was confirmed to be disrupted between the services of the Ministry of Education, Culture, Research, and Technology (Kemendikbud Ristek). The Ministry of Education and Culture's Integrated Service Unit (ULT) Research and Technology on its official Instagram @ult.kemdikbud stated that 47 Ministry of Education and Culture service domains were affected by PDN disturbances, including the Electronic Procurement System (SPSE).
Services at other constrained Ministry of Education and Culture, Research and Technology, such as the loss of data on around 800 thousand KIPK recipients, because there was no backup. BPI registration (Indonesian Education Student) was forced to withdraw: while the schedule for starting lecture abroad did not back down. Indonesian Education Scholarships, it is possible for scholarship recipients to be disbursed late, this is very disturbing for students who live abroad with living costs several times, then disbursed late.
The impact is also felt on Srikandi's services for national filings, it is known that they cannot be accessed. And data services for New Student Admissions (PPDB) in various regions are still disrupted
The impact is not only on institutional agencies, the Ministry as a tenant who was the victim of the hack by the ransom. As a result of the hack, it also has an impact on the position of related institutions such as Kominfo and BSSN as well as the president's attention. So the president asked BPKP to immediately conduct an audit of PDN management.
The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)
