The infamous LockBit ransomware group launched a cyberattack against Indonesia’s national data center last week, impacting hundreds of government agencies and causing significant delays at Soekarno-Hatta International Airport in Jakarta. This incident highlights the growing threat posed by ransomware to critical infrastructure around the world.

The attack involved deploying ransomware, a type of malicious software that encrypts a victim’s data, essentially holding it hostage until a ransom is paid. LockBit demanded a hefty $8 million ransom to decrypt the stolen data, which the Indonesian communications ministry has confirmed they will not pay. Recovery efforts are ongoing, with immigration services gradually returning to normal as of Monday.

LockBit, believed to be a Russian cybercriminal group, has become a major cybersecurity threat in recent years. The group is known for its aggressive tactics and has targeted a wide range of victims, including governments, businesses, schools, and hospitals. Experts estimate LockBit has caused billions of dollars in damages globally and extorted significant sums from its victims.

This incident underscores Indonesia’s vulnerabilities in the face of cyber threats. The country has a history of data breaches, such as the exposure of personal information from a government contact tracing application in 2021 and a leak affecting millions of users of the National Health Care and Social Security Agency (BPJS Kesehatan) in the same year.

LockBit’s Growing Threat in Indonesia

Statistics indicate a concerning rise in LockBit attacks within the country, with a reported 30% increase in incidents targeting small and medium-sized businesses (SMBs) over the past year. These attacks often target critical sectors, with the finance, healthcare, and manufacturing industries being the most impacted.

Further data reveals that the average ransom demand from LockBit attacks in Indonesia during 2022 reached IDR 1.5 billion, which translates to roughly USD 100,000. These figures highlight the financial strain LockBit can inflict on Indonesian organizations.

LockBit: A Global Threat

LockBit is a ransomware family that emerged in 2019 and has since become a significant threat to organizations worldwide. A recent report by Aviom indicates a troubling rise in LockBit attacks, with a staggering 83% increase observed in 2022. The report further highlights concerning trends in LockBit’s attack methods. Phishing emails remain a prevalent tactic, responsible for 44% of attacks, while exploited vulnerabilities account for another 26%.

Perhaps even more alarming is the reported rise in the average ransom demand by LockBit, reaching a staggering $245,000. The report also reveals that 27% of victims succumb to the extortion demands, highlighting the significant financial impact these attacks can have. LockBit’s use of triple-layer encryption further complicates the recovery process for victims, making robust backups a critical defense measure.