Indonesian President Joko Widodo on Friday ordered an audit of presidency data centers after officials said much of the info exposed in a recent ransomware cyberattack had not been secured, leaving the country vulnerable to such attacks.
Last week’s cyberattack, essentially the most serious in Indonesia in several years, has disrupted many government services, including immigration control and operations at major airports.
The government said the attack affected greater than 230 public agencies, including ministries, but refused to pay an $8 million ransom demanded to get well the encrypted data.
In response to the cyberattack, Indonesia’s state auditor said the president had ordered him to examine data centers within the country.
The audit will cover “management and financial features,” Muhammad Yusuf Ateh, head of the Indonesian Development and Financial Control Authority (BPKP), said after attending a cupboard meeting led by Widodo on Friday.
Hinsa Siburian, the official who heads Indonesia’s cybersecurity agency, known by its acronym BSSN, said 98% of presidency data stored in one among two infected data centers had not been backed up.
“Generally speaking, we believe the main problem is governance and there is no support,” he told a parliamentary hearing late on Thursday.
Some lawmakers rejected this explanation.
“If there is no support, it is not a lack of governance,” said Meutya Hafid, chairman of the committee overseeing the incident. “It is stupidity.”
A BSSN spokesman didn’t immediately reply to a matter about whether it will be possible to get well the encrypted data.
Budi Arie Setiadi, Indonesia’s communications minister, said the ministry has spare capability in data centers but that using the service is optional for presidency agencies.
He added that government agencies weren’t backing up data on account of budget constraints. He added that it will soon turn into mandatory.
The cyberattack sparked a wave of criticism of the minister on social media in Indonesia.
Digital rights group SAFEnet has launched a petition calling for Budi’s resignation, citing his lack of accountability for repeated cyberattacks.
When Budi was asked to comment on the calls for his resignation, he sent a separate petition to Reuters calling for him to stay as minister.
The minister told parliament that a “non-state actor” in search of money was likely behind the attack and that government services must be fully restored by August.
Ransomware attackers use software to encrypt data and demand payment from victims to revive the info. Indonesia said the attacker on this particular incident used an existing malware called LockBit 3.0.
