Indonesia National Data Centre (PDNS) ransomware attack
The Brain Cipher ransomware group encrypted Indonesia's Temporary National Data Centre (PDNS 2), disrupting 282 government services across more than 200 agencies and demanding an $8 million ransom the government refused to pay.
- Victim: Pusat Data Nasional Sementara (PDNS 2)
On 20 June 2024, Indonesia's Temporary National Data Centre (Pusat Data Nasional Sementara, PDNS 2) in Surabaya was crippled by ransomware deployed by a group calling itself Brain Cipher. The attack paralysed core government services nationwide and exposed a catastrophic absence of data backups, becoming the most damaging public-sector cyber incident in Indonesian history.
What happened
Brain Cipher, a ransomware strain investigators identified as a derivative of LockBit 3.0, encrypted the systems hosted at PDNS 2, one of the interim facilities serving Indonesian ministries while permanent national data centres were under construction. Officials later disclosed that the intrusion was aided by basic security failures, including default configurations and disabled Windows Defender protections.
The encryption knocked out an estimated 282 government services spanning more than 200 agencies, including the immigration directorate, whose outage stranded travellers at major airports as passport and visa checks reverted to manual processing.
Impact
- 282 services across 210+ central and regional government bodies were disrupted, with immigration, the national scholarship platform, and local-government systems among the worst hit.
- Critically, authorities admitted that only around 2 percent of the data stored at PDNS 2 had been backed up elsewhere, meaning most affected agencies could not restore operations even after decryption.
- The attackers demanded a US$8 million ransom, which the government publicly refused to pay.
Resolution
On 3 July 2024, Brain Cipher posted a statement apologising "to the citizens of Indonesia" and released a free decryption key, which the National Cyber and Crypto Agency (BSSN) verified as functional. The reversal spared the government a ransom payment but did not undo the data loss at agencies whose data had never been backed up.
Why it matters
The PDNS attack became a national scandal over digital-governance negligence. Parliamentary hearings revealed that the centre had received roughly Rp 700 billion in state funding yet lacked elementary backup discipline. The head of BSSN offered to resign, and the episode prompted a presidential order to audit government data centres and accelerate backup mandates — a textbook case of how a single under-protected shared facility can become a single point of failure for an entire state's digital services.
Timeline
- PDNS 2 in Surabaya is encrypted by the Brain Cipher ransomware group, using a variant derived from LockBit 3.0.
- Immigration, passport, and visa systems fail at airports; the government confirms a ransomware attack.
- Attackers demand an $8 million ransom; officials announce they will not pay.
- Authorities reveal that the bulk of affected data had no backups, making most services unrecoverable.
- Brain Cipher publicly apologises and releases a free decryption key to Kominfo.
- Head of the BSSN cyber agency offers to resign before parliament over the failure.