Indonesia’s National Data Centre Falls Victim To Ransomware Attack

The centre was hit by ransomware called “LockBit 3.0”.


A cyber attacker successfully compromised Indonesia’s national data centre, leading to disruptions in immigration checks at airports.

Reuters reports that the incident caused significant inconvenience, with long lines forming at immigration desks. Fortunately, automated passport machines are now operational, according to the communications ministry.

Indonesian Minister Budi Arie Setiadi revealed that the attacker employed a new variant of malicious software known as LockBit 3.0. However, specific details about this variant were not disclosed.

LockBit ransomware blocks access to computer systems until a ransom is paid. It automatically identifies valuable targets, propagates the infection, and encrypts all reachable systems within a network.

The report stated that efforts are underway to restore services at the affected national data centre, with a focus on immigration services.

As of now, it remains unclear whether any ransom was paid. Semuel Abrijani Pangerapan, an official from the communications ministry, confirmed that digital forensics investigations are ongoing, and further details are yet to emerge.

How does ransomware work?

Ransomware is a type of malware that holds a victim’s sensitive data or device hostage, threatening to keep it locked—or worse—unless the victim pays a ransom to the attacker.

Here’s how it typically works:

  • Delivery: Ransomware can access a computer through various vectors. Commonly, it arrives via phishing spam—attachments in emails that appear trustworthy. Once downloaded and opened, it takes control of the victim’s computer. Some aggressive variants exploit security holes without user interaction.
  • Encryption: The malware encrypts the victim’s files, rendering them inaccessible. The technical details involve complex encryption algorithms, but the key takeaway is that only the attacker possesses the decryption key.
  • Ransom Demand: The victim receives a message explaining the situation. To regain access, they must send an untraceable Bitcoin payment to the attacker. Some attackers may pose as law enforcement, demanding a “fine” for alleged illegal content on the victim’s system.
  • Variations: There’s also leakware (doxware), where attackers threaten to expose sensitive data unless the ransom is paid. However, encryption ransomware remains the most common type.
