Hacker group gives decryption key to Indonesian Government to restore national data centre

By Mochamad Azhar

The decryption key was given away for free by the hacker group responsible for the ransomware attack on Indonesia’s national data centre

The hacker group that compromised the Temporary National Data Centre (PDN)-2 has provided the decryption key to the Indonesian Government. Image: Canva

The hacker group responsible for the ransomware attack on Indonesia’s national data centre has provided the decryption key to the government for free, so that it can restore the compromised data centre.

The Ministry of Communications and Informatics (Kominfo) has confirmed that it has used the decryption key to regain access to the Temporary National Data Centre (PDN)-2.

"We have tested the key and successfully unlocked six sets of data," said the Ministry of Kominfo’s former Director-General of Informatics Applications, Semuel Abrijani Pangerapan, in Jakarta on July 4, as reported by Tempo.

However, he was reportedly unsure whether a single key would unlock all encrypted data. "Our technical team is currently working (on decryption)," Semuel added.

Hacker group Brain Cipher on July 3 provided decryption keys for the data locked by a ransomware attack on the data centre. The data had been hacked on June 20 and was held for a ransom of US$8 million.

The hackers provided the decryption key through an announcement on the dark web, according to the X account of Stealthmole, a cybersecurity company from Singapore.

The hacker’s choice

Within their statement, the hacker group explained that they attacked Temporary PDN-2 because the data was “easy to unload... and encrypt”.

Brain Cipher claimed that they “independently made the decision [to provide the decryption key], without intervention from special services or legal institutions”, and that this is “the first and last time a victim will receive keys for free”.

They will wait for the Indonesian government to confirm that the free key works. Once they have received confirmation, they claim that they will permanently delete the data.

“If the government argues that it has recovered data independently, or through the help of third parties, we will publish the data,” said the statement.

There has been no official response from the Indonesian government to this statement, including on how the interaction between the two sides led to this decision.

Kominfo’s top official resigns

Taking responsibility for the cyberattack on Indonesia’s national data centre, Semuel has resigned from his position as the Ministry of Kominfo’s Director-General of Informatics Applications.

Semuel Pangerapan resigned from his position as Kominfo's Director-General of Informatics Applications to take responsibility for the cyberattack. Image: Ministry of Kominfo

"I declare that as of July 1, I have submitted my resignation verbally and the letter has been submitted to the Minister of Kominfo," Semuel said earlier in Jakarta.

Semuel said the cyberattack incident on Temporary PDN-2 was his responsibility. "So, I took the moral responsibility to step down, and I stated that this is a task that I should have handled well. That's the main reason (for my resignation)."

He was the Kominfo official in charge of the Directorate of Government Application Services, the technical unit that provides data centre infrastructure to support the implementation of e-government in Indonesia.

Semuel has ensured that the data recovery process continues despite his resignation. He may not have access to further information on how the recovery process is progressing, but he knows that the Ministry of Kominfo and the National Cyber and Crypto Agency (BSSN) are currently working to recover the locked national data, a source told GovInsider.

Government: password negligence caused an attack

The Indonesian Government has stated that the negligent use of passwords is suspected to have caused the ransomware attack.

"From the forensic results, we have been able to find out who was the user who (negligently) shared his password and eventually caused these very serious problems," said Political, Legal and Security Coordinating Minister, Marshal (Ret.) Hadi Tjahjanto, on July 1 in Jakarta.

The government also said that it would initiate legal action against the person.

Hadi emphasised that cybersecurity protocols in each government agency must be tightened immediately following this incident. In the future, users accessing the Temporary PDN system will be monitored directly by BSSN, including password usage.

"Every tenant or ministry is also required to have backup data, this is mandatory, not optional anymore. So that if there is a disruption, there is still a backup at the disaster recovery centre," he said.