ASIATODAY.ID, JAKARTA – The Indonesian National Data Center server has experienced problems since Thursday 20 June 2024, causing problems with several public services including immigration services.
The National Cyber and Crypto Agency (BSSN) of the Republic of Indonesia revealed that the incident occurred due to ransomware.
Head of BSSN Hinsa Siburian said he had coordinated with the Ministry of Communication and Information and other parties in efforts to deal with disruptions to the Government Cloud Computing Services ecosystem, especially at the National Data Center.
“The results of our identification are the problems that occurred at the National Data Center due to ransomware type cyber attacks,” he said when giving a press statement at the Ministry of Communication and Information Technology Office, Central Jakarta, Monday, June 24 2024.
Hinsa Siburian said, from the ransomware incident, BSSN discovered that there was an attempt to deactivate the Windows Defender security feature which occurred starting June 17 2024 at 23.15 WIB, thus allowing malicious activity to take place. Then, malicious activity began to occur on June 20 2024 at 00.54 WIB, including installing malicious files, deleting important file systems, and disabling running services.
Files related to storage, such as: VSS, HyperV Volume, VirtualDisk, and Veaam vPower NFS start to be disabled and crash.
“It was discovered that on June 20 2024, at 00.55 WIB, Windows Defender experienced a crash and could not operate,” explained Hinsa.
Currently, continued Hinsa, BSSN, Kominfo, Cyber Crime Polri, and KSO Telkom-Sigma-Lintasarta are still in the process of carrying out a thorough investigation into forensic evidence obtained with all limited evidence, or digital evidence due to the condition of the evidence being encrypted as a result of the attack. the ransomware.
“We are still continuing to carry out a thorough investigation referring to the forensic evidence that has been obtained. “With all the limitations of evidence, or digital evidence due to the condition of the evidence being encrypted due to the ransomware attack,” said Hinsa.
The Head of BSSN further explained that in this incident BSSN had succeeded in finding the source of the attack which came from a ransomware file with the name Brain Cipher Ransomware.
This ransomware is the latest development of the lockbit 3.0 ransomware. The ransomware samples will then be subjected to further analysis involving other cybersecurity entities.
“This is important for lessons learned and mitigation efforts so that similar incidents do not happen again,” said Hinsa.
As of Monday 24 June 2024, since 07.00 WIB, the affected Immigration Services have been operating normally. These include Visa and Stay Permit Services, Immigration Checkpoint Services (TPI), Passport Services, Visa on Arrival (VOA) on boarding Services, and Immigration Document Management Services.
Focus on Public Service Recovery
Deputy Minister of Communication and Information Nezar Patria stated that the government is currently focusing on restoring government services in the National Data Center which was affected by the cyber attack.
According to him, recovery will be carried out as soon as possible.
“As quickly as possible, we can recover some of them, for example Immigration. “We continue to work now to overcome this, especially that public services can run again as usual as we hope, we ask for everyone’s support and prayers,” he explained.
Nezar emphasized that immigration services are one of the government services that has been restored and can be used again by the community.
Meanwhile, other affected services are still in the process of being restored.
“We have restored basic services, we are continuing to work on everything else now,” he said.
He said that the national data center also has a Disaster Recovery Center (DRC) facility which assists efforts to restore affected services. (AT Network)
Follow Us at Google News and WA Channel