JAKARTA (ANN/THE JAKARTA POST) – A senior official from Indonesia’s Ministry of Communications and Information Semuel Abrijani Pangerapan, the ministry’s Director General of Informatics Applications, announced his resignation on Thursday after a ransomware attack crippled a temporary national data centre, causing weeks of disruption to many government services.
Semuel stated that he was stepping down due to a “moral failing” in his responsibility to protect the data centre in Surabaya, East Java, from the cyberattack on June 20.
“I decided to resign on July 1 and tendered the letter [of resignation] to the minister [Budi Arie Setiadi] yesterday,” said Semuel, who had served for eight years in his position, when publicly announcing his resignation during a press conference.
“I apologise for all the mistakes made and anything I said that caused upset. This incident is technically my responsibility and I should have resolved it.”
The resignation came after the cyberattack caused nationwide disruption to services connected to the server.
The cyberattack was carried out using Brain Cipher, an updated version of the LockBit 3.0 ransomware allegedly used for the hit on state-owned sharia lender Bank Syariah Indonesia (BSI) last year.
The temporary national data centre is fully managed by the communications ministry through infrastructure and network services leased from state-owned telco firm PT Telkom’s subsidiary Telkomsigma and publicly listed telco firm Indosat subsidiary Lintasarta, respectively.
Prior to his role as a director general, he had chaired the Indonesian Internet Service Providers Association (APJII) for four years until May 2015.
During the 2014 election, he was on the permanent executive committee of Seknas Jokowi, a group of supporters of President Joko “Jokowi” Widodo.
When Jokowi won the election in that year, his name was touted as a potential candidate for communications and information minister, according to some media reports, a post that was later filled by Rudiantara.
He became the ministry’s director general in October 2016 after beating other candidates, who also came from Jokowi supporter groups.
Semuel’s resignation came as the government struggled to restore services and databases for a total of 282 institutions of the central government and regional administrations. The ministry aimed to restore at least 18 databases by June 30, but had only restored five by the end of the month.
The ministry has obtained a decryption key, published by the ransomware operation group claiming responsibility for the attack, to unlock the encrypted data, Semuel confirmed in the press briefing.
The key was posted on a dark web site as seen in the post’s screenshot posted by StealthMole, a Singapore-based web threat intelligence company, on X on Wednesday evening.
The key had been tested on a specimen, a captured sample of data to see if it unlocked any encrypted information within the data itself, but he refused to comment further.
“The technical team is still working on it,” he said.
The Brain Cipher operation, which executed the attack, added that it would permanently delete the data it stole during the attack once the government confirmed that the key was working and recovered the data.
Otherwise, it threatened to disclose the locked data publicly if the government announced the recovery of the data on its own or with the help of any third party.
Despite obtaining the key, Semuel noted that the data centre remained locked under isolation, preventing further unauthorised access and data exfiltration from anyone, especially the hacker group.
The ministry will also investigate a suspected password leak involving an inside job among the companies behind the country’s data centre facility, he said.
Despite having the purported decryption key in hand, the road to the data recovery remains fraught with challenges, Indonesia Cyber Security Forum (ICSF) chair Ardhi Sutedja told The Jakarta Post on Thursday.
Restoring the data must be done with extreme caution to avoid residual malware in data, network systems and hardware. “This will take a lot of time, significant manpower and a high level of precision and care,” he said.
He estimated the meticulous recovery process could take from six months to a year.
The sluggish recovery process is “worrying”, he said, citing the absence of a crisis management plan within the ministry.
The government’s response, which had been marred by finger-pointing and a lack of coordinated action “doesn’t solve the problem and only exacerbates the lack of a crisis management plan”, he argued, adding that restoring the data should be a priority.
Despite applauding the resignation, Ardi pointed out that many questions remained unanswered. “How did it happen? Why was that national data centre targeted?”
Institute for Policy Research and Advocacy (ELSAM) chairman Wahyudi Djafar said on Thursday that minister Budi should contemplate his aide’s resignation, “as the pressure should be on the minister, not the director general.”
Members of the public have called for the resignation of Budi, including through an online petition that has drawn over 25,000 signatories. Budi, who is also head of Projo, the largest supporter group of President Jokowi, remains unmoved by the call.
Nevertheless, the incident will add a challenge for the government in resolving prevailing cybersecurity issues and implementing the Personal Data Protection Law due in October.
He urged the government to quickly appoint a new figure to fill the director general’s position and to prevent future incidents.