JAKARTA: The National Police are investigating the ransomware attack on a temporary National Data Centre (PDN) facility last week that crippled immigration processes and is still disrupting other public services to date, with a view to laying criminal charges against the perpetrators.

“The police will collaborate with all relevant stakeholders in handling [the cyberattack] incident and of course, we will look into” the possibility of opening a criminal investigation, spokesperson Insp. Gen. Sandi Nugroho said on Tuesday (June 25), as quoted by Antara.

The temporary facility in East Java capital Surabaya was hit by a ransomware attack on June 20, which disrupted immigration services at Soekarno-Hatta International Airport in Greater Jakarta and student enrollment at state schools in Dumai, Riau.

It remains unclear who was responsible for the attack, but the Communications and Information Ministry was adamant that the government would not pay the US$8 million ransom the attackers demanded.

The National Cyber and Encryption Agency (BSSN) said the attackers used a new ransomware called Brain Cipher, an updated version of LockBit 3.0.

State-owned communications company PT Telkom Indonesia reported that 282 databases belonging to central and regional administrations linked to the temporary data centre in Surabaya were still affected by the breach as of Tuesday, according to a press release from the communications ministry.

Telkom subsidiary Telkomsigma operates the Surabaya facility, where data recovery processes are ongoing.

Database access has been restored for several agencies, including the Immigration Office, the Office of the Coordinating Maritime Affairs and Investment Minister, the Kediri municipal administration in East Java and the National Procurement Agency (LKPP), which have resumed public services.

Last Thursday’s breach had also disrupted enrollment at state schools in Dumai, Riau, Tempo.co reported. - The Jakarta Post/ANN