Why Cyber Resilience Is the Right Strategy to Fight Ransomware in National Data Centers


The ransomware attack on Indonesia’s National Data Center (PDN) has reshaped how the country views cybersecurity preparedness. Since Thursday, June 20, 2024, a major disruption caused by Brain Cipher ransomware, a variant of LockBit 3.0, has affected more than 200 critical public services across central and regional institutions. 

Unlike traditional ransomware attacks that focus solely on encrypting victims’ data, the attackers in this case deployed a double extortion strategy. They not only encrypted the data but also exfiltrated it, increasing pressure by threatening to leak sensitive information unless a ransom was paid. 

This escalation makes the PDN incident particularly alarming. The potential impact extends far beyond temporary service outages, posing significant financial, operational, and reputational risks to any organization that lacks adequate defensive measures. 

The attack serves as a wake-up call; cyber resilience is now essential. 

Who, then, bears the greatest consequences of such an attack? And more importantly, how can organizations prepare for similar threats in the future? This article explores what happened at the National Data Center and outlines why a strong cyber resilience strategy is critical for modern enterprises. 

What Happened at Indonesia’s National Data Center? 

Indonesia’s National Data Center (PDN) came under intense public scrutiny after a cyberattack crippled services for several days. The attackers reportedly breached PDN servers and demanded a ransom of US$8 million (approximately IDR 130 billion) from the Indonesian government. 

According to Indonesia’s National Cyber and Crypto Agency (BSSN), preliminary forensic findings indicate that the attack began on June 17, 2024, at 11:15 PM (WIB). The attackers first attempted to disable Windows Defender security features, allowing malicious activity to proceed undetected. 

As a result, PDN servers were disrupted, affecting more than 200 government institutions at both central and regional levels. Among the impacted services was the Kartu Indonesia Pintar (KIP) program database, which interfered with the ongoing verification process for prospective university students. 

The scale of the disruption demonstrates how a single breach can ripple across multiple public services, highlighting the urgent need for stronger resilience frameworks at the national and organizational levels. 

LockBit 3.0: The Ransomware Variant Behind the National Data Center Attack


The Brain Cipher ransomware used in the attack on Indonesia’s National Data Center is believed to be a newer variant of LockBit 3.0, one of the most notorious ransomware strains in recent years. A similar variant was previously linked to an attack on one of Indonesia’s largest Islamic banks in 2023. 

Once LockBit 3.0 infiltrates a system, it encrypts data, effectively restricting access to critical information. In the worst-case scenario, organizations risk permanent data loss if recovery measures fail. 

According to Broadcom’s analysis, operators behind Brain Cipher typically demand ransom payments after encrypting and exfiltrating sensitive data. Victims are provided with an encryption ID, which is then used on a dedicated Onion site to initiate ransom negotiations. 

Initial access is often gained through structured playbooks. Threat actors may leverage Initial Access Brokers (IABs), phishing campaigns, exploitation of vulnerabilities in public service applications, or exposed Remote Desktop Protocol (RDP) configurations to penetrate target systems. 

Interestingly, on June 16, 2024, just one day before the reported attempt to disable Windows Defender security features on PDN servers, security guidance recommended blocking malware classifications (Known, Suspect, and PUP) from executing and temporarily delaying cloud scanning to maximize VMware Carbon Black Cloud protection. The timing highlights how sophisticated threat actors can exploit small security gaps before detection measures are fully optimized. 

What Is Cyber Resilience and Why Is It Effective Against LockBit 3.0?

Cyber resilience has become a critical concept in today’s digital landscape, where ransomware attacks such as LockBit 3.0 can rapidly disrupt operations and damage organizational credibility. 

Cyber resilience goes beyond simply responding to an attack. It focuses on preparing for disruption, maintaining operational continuity, and recovering quickly when incidents occur. 

First, cyber resilience emphasizes early detection. The faster an organization can identify malicious activity, the sooner it can contain the spread and limit potential damage. 

Second, it prioritizes rapid and structured recovery. This includes not only restoring systems and data but also safeguarding customer trust and minimizing financial losses. Organizations with well-designed backup strategies and tested recovery procedures are far better positioned to withstand ransomware incidents without prolonged downtime. 

Finally, cyber resilience incorporates regulatory compliance and data protection governance. In the context of Indonesia’s Personal Data Protection Law (PDP) and other emerging regulations, organizations must ensure their cybersecurity practices align with legal requirements. Embedding compliance into a broader cyber resilience strategy helps reduce legal exposure and reputational harm following a data breach. 

In short, cyber resilience is not merely a defensive tactic, but a long-term operational strategy designed to ensure business continuity, even in the face of sophisticated ransomware threats. 
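As an added illustration of early detection (not code from BSSN, NetApp, or the original article), the sketch below flags attempts to disable Windows Defender, the first step reported in the PDN findings, from exported Defender operational events. The host names, timestamps, field names, and thresholds are constructed assumptions; the event IDs are the standard Microsoft Defender Antivirus ones.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Defender Antivirus event IDs (Microsoft-Windows-Windows Defender/Operational)
TAMPER_EVENTS = {
    5001: "real-time protection disabled",
    5007: "antimalware configuration changed",
    5010: "antispyware scanning disabled",
    5012: "antivirus scanning disabled",
    5013: "tamper protection blocked a change",
}
DISABLE_IDS = {5001, 5010, 5012}

# Constructed sample events (hypothetical hosts and times, not real incident data)
SAMPLE_EVENTS = [
    {"time": "2024-01-01T23:15:02", "host": "srv-a", "id": 5007},
    {"time": "2024-01-01T23:15:40", "host": "srv-a", "id": 5007},
    {"time": "2024-01-01T23:16:05", "host": "srv-a", "id": 5007},
    {"time": "2024-01-01T23:16:30", "host": "srv-a", "id": 5001},
    {"time": "2024-01-01T09:00:00", "host": "srv-b", "id": 5007},  # lone change: routine
    {"time": "2024-01-01T10:00:00", "host": "srv-c", "id": 1116},  # malware detection, not tampering
    {"time": "2024-01-01T14:00:00", "host": "srv-d", "id": 5013},
]

def detect_defender_tampering(events, window=timedelta(minutes=10), burst=3):
    """Return (host, severity, reason, time) alerts for Defender tampering."""
    by_host = defaultdict(list)
    for ev in events:
        if ev["id"] in TAMPER_EVENTS:
            by_host[ev["host"]].append((datetime.fromisoformat(ev["time"]), ev["id"]))
    alerts = []
    for host, items in sorted(by_host.items()):
        items.sort()
        changes = []  # timestamps of 5007 events still inside the window
        for ts, eid in items:
            if eid in DISABLE_IDS:  # protection actually switched off
                alerts.append((host, "critical", TAMPER_EVENTS[eid], ts.isoformat()))
            elif eid == 5013:  # attempt was blocked, but someone tried
                alerts.append((host, "high", TAMPER_EVENTS[eid], ts.isoformat()))
            else:  # 5007 alone is noisy, so alert only on a burst
                changes = [t for t in changes if ts - t <= window] + [ts]
                if len(changes) == burst:
                    reason = f"{burst} configuration changes within {window}"
                    alerts.append((host, "warning", reason, ts.isoformat()))
    return alerts

if __name__ == "__main__":
    for alert in detect_defender_tampering(SAMPLE_EVENTS):
        print(alert)
```

A single 5007 event is common during normal administration, which is why only a burst raises a warning while a disable event alerts immediately.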

Want to Keep Your Business Data Secure and Ready for Ransomware Attacks? NetApp Cyber Resilience Could Be the Right Solution.


NetApp takes a comprehensive approach to strengthen organizational cyber resilience against advanced threats such as LockBit 3.0 ransomware. The strategy goes beyond detection and incident response; it emphasizes prevention, containment, and rapid recovery to minimize operational and financial impact. 

Here are several NetApp capabilities that help enhance your organization’s cyber resilience posture: 

1. NetApp FPolicy

FPolicy helps detect and prevent unauthorized access within NetApp storage systems, including suspicious activities commonly associated with ransomware attacks. Administrators can define granular access policies and automate actions when violations occur. 

2. Autonomous Ransomware Protection (ARP) Detection Engine

Powered by automation and AI-driven analytics, this detection engine identifies ransomware activity in real time. By analyzing file access patterns and unusual network behavior, it can recognize anomalies and trigger rapid mitigation measures before widespread damage occurs. 

3. Multi-Admin Verification (MAV)

MAV adds a layer of administrative control by requiring multiple approvals for critical changes. This reduces the risk of unauthorized or accidental modifications that could compromise system security. 

4. NetApp SnapLock

SnapLock enables the creation of tamper-proof, read-only snapshots that cannot be altered or deleted until a defined retention period expires. This makes it particularly suitable for compliance-driven environments where immutable data storage is required. 

5. NetApp Immutable Snapshot

Immutable snapshots provide an additional safeguard against ransomware by ensuring backup copies cannot be modified or deleted. In the event of an attack, organizations can restore data to its pre-incident state with confidence that the backup itself has not been compromised. 

6. NetApp Cyber Vault

Cyber Vault is designed to protect critical data by maintaining secure, isolated copies that can be used for rapid recovery following a security incident. Even if the primary IT infrastructure is affected, essential data remains protected and recoverable. 

Get NetApp Cyber Resilience Solutions from MBT

As an authorized NetApp distributor, Mega Buana Teknologi (MBT) provides experienced and certified IT specialists to help you implement NetApp Cyber Resilience solutions effectively, without costly trial and error. 

With 24/7 IT support, MBT delivers end-to-end assistance, from pre-implementation consultation to post-deployment support, ensuring your organization maintains strong and sustainable security practices. 

Contact us today to learn more about how NetApp Cyber Resilience can protect your business. Start strengthening your cybersecurity foundation now. 

Author: Ary Adianto – Content Writer CTI Group
