JAKARTA: The government has been urged to immediately disclose the types of data affected by last week’s ransomware attack at a temporary National Data Centre (PDN) facility and to take swift action to recover the lost data.

With 98 percent of all affected data having been rendered inaccessible without any backups, analysts said that the government would have no choice but to recollect it from scratch, a move that will cost a fortune and require extensive efforts.

Since June 20, at least 282 databases of agencies in central government and regional administrations have been impacted by a cyberattack using Brain Cipher, a new variant of the LockBit 3.0 ransomware, which blocks user access and disrupts various public services, including immigration services.

The attackers have demanded an US$8 million ransom, which the government refuses to pay.

During a meeting with House of Representatives Commission I overseeing communications and information on Thursday (June 27), Communications and Information Minister Budi Arie Setiadi said the ministry had only backed up 2 percent of all compromised data.

The statement was met by analysts, such as Nenden Sekar Arum of the Southeast Asia Freedom of Expression Network (SAFEnet), with condemnation and louder calls for an immediate recovery of the lost data.

“The most important thing is ensuring that public services can resume, for which data recovery would certainly help,” the group’s executive director said on Friday.

As of Friday evening, immigration services were reportedly struggling to resume normal functions, resulting in thousands of pending passport requests.

The immigration office had received hundreds of complaints in the past week, with many demanding the office start manually entering data as online databases were still inaccessible.

“The staff did not provide any solutions when we asked,” Chrysant Putri, whose trip to Malaysia for her husband’s cancer treatment was delayed indefinitely due to the cyberattack, told The Jakarta Post.

“They could at least just enter my data manually. As they’re staying put, there’s nothing I can do either,” she continued.

The manual re-entry of all affected data, as suggested by Chrysant, might be the only feasible way toward recovery, according to Nenden.

“This will indeed be troublesome for people because they have the responsibility to fill in their [data] again.”

‘Stupidity’

During Thursday's meeting, Minister Budi pledged that a full recovery was expected by the second week of August.

Such an effort would be followed up by a full audit that was expected to be complete by the end of September.

The recent cyberattack also inspired the ministry to improve its governance, he added, saying that a ministerial decree was in the works to require all ministries, agencies and regional offices storing data in PDN to make backups.

Budi’s statement was met with sharp criticism from Commission I chair Meutya Hafid of the Golkar Party: “If there’s no backup, that’s not a lack of governance. That’s stupidity.”

President Joko “Jokowi” Widodo ordered a full audit of the data centers, covering “the governance and financial aspects”, said Development Finance Comptroller (BPKP) head Muhammad Yusuf Ateh following a cabinet meeting on Friday, as reported by Reuters.

While the deadlines were set for recovery and auditing, the government should not wait too long to practice transparency on the details of the ransomware attack, including an announcement about the non-recoverable data.

“The government must inform the public whether the data lost includes critical or sensitive data, such as the citizenship identification numbers [NIK], as this determines how big the impact will be,” said Wahyudi Djafar, executive director of rights group Institute for Policy Research and Advocacy (ELSAM), asserting that transparency would allow for risk mitigation.

The cyberattack resulting in the blockage of authorized parties’ access to sensitive data may compromise the information integrity, since unauthorized people now possess the data, he added.

“This can jeopardize the economy, health and other sectors,” Wahyudi continued.

The government should remain alert to the possibility that the lost data may be misused by the attackers despite the National Cyber and Encryption Agency’s (BSSN) assurance that the encrypted data remained in the PDN server, said cybersecurity expert Ardi Sutedja.

“Hackers normally don’t work alone. They are in a group where each individual has its role, including unlocking encrypted data,” he said.

“The government can’t underestimate this as hackers are now more skillful than a decade ago.”

Experts labeled the latest cyberattack as the worst in the country’s history due to its massive impact on public services, leaving citizens eligible to file a class action lawsuit against President Joko “Jokowi” Widodo’s administration for negligence in protecting their personal information, as stipulated in the Electronic Information and Transactions (ITE) Law and the Personal Data Protection Law.

“People can challenge President Jokowi in the court since the temporary PDN was mandated in a presidential regulation,” Wahyudi of ELSAM said, “apart from the fact that the failure of data protection and public services affected many ministries at the same time.” - The Jakarta Post/ANN