Cybersecurity incident in Indonesia: the PDN(S) incident

Budi Rahardjo on the road
30 Jun 202407:46

Summary

TLDRBudhar discusses the recent ransomware attack on Indonesia's National Data Center, possibly due to a variant of LockBit called 'Brain Chipper.' The incident on June 20th disrupted immigration servers and affected government services hosted by the center, causing inconvenience and raising concerns about Indonesia's cybersecurity. Budhar, who runs a cybersecurity company and teaches incident response, seeks to understand the scale of the issue and the lessons to be learned from it.

Takeaways

  • 🌐 The speaker, Budhar, is currently in Shanghai and is posting a video on a secondary channel due to issues with two-factor authentication on his main channel.
  • πŸ’» Budhar discusses a recent incident involving Indonesia's National Data Center (PDN), which was reportedly attacked by a variant of the Locky ransomware called 'Brain Chipper'.
  • πŸ“… The incident is believed to have occurred on June 20th, causing issues with the Indonesian immigration server and affecting the integrated services at the airports.
  • πŸ›‚ The disruption led to the inability to access applications necessary for electronic gate operations, which are part of the virtual machines hosted by the PDN.
  • 🏒 The PDN is hosted by a company called Talom Sigma, which also hosts other companies' services, indicating the widespread impact of the attack.
  • πŸ”’ The ransomware attack targeted the main virtual machine, causing a denial of service for all dependent Indonesian government organizations.
  • πŸ”„ Despite having a disaster recovery center, the PDN's backup site was not operational for an unknown reason, exacerbating the situation.
  • 🚨 Several services were disrupted, and it took several days for some to be restored, highlighting the severity of the incident.
  • πŸ€” Budhar expresses confusion over how the incident occurred and the lack of public information, which limits understanding of the situation.
  • πŸ›οΈ As a professional in cybersecurity and an educator, Budhar feels the need to understand the incident to learn lessons and improve response strategies.
  • 🌍 Budhar compares Indonesia's cybersecurity situation to other countries, noting that the scale of impact is significantly larger due to the country's large population.

Q & A

  • What is the main topic discussed in Budhar's video transcript?

    -The main topic discussed in the video transcript is the ransomware attack on the National Data Center in Indonesia, also known as Pat Data National, and its impact on various services.

  • Why is Budhar unable to access his normal channel?

    -Budhar is unable to access his normal channel due to a two-factor authentication issue that he cannot resolve while traveling.

  • What was the ransomware variant involved in the attack on the National Data Center?

    -The ransomware variant involved in the attack is mentioned as something similar to Locky, possibly called 'brain chipper,' though Budhar is not entirely sure of the exact name.

  • When did the incident with the Indonesian immigration server occur?

    -The incident with the Indonesian immigration server occurred on the 20th of June.

  • What was the immediate impact of the ransomware attack on the Indonesian immigration server?

    -The immediate impact was that the applications and integrated services required for electronic gates at the airports could not be accessed, causing disruptions in immigration processes.

  • Who is hosting the Pat Data National's data center?

    -The data center is hosted by a company referred to as 'talom talcom Sigma,' which is likely a misspelling or mispronunciation of the actual company name.

  • What other services were affected besides the Indonesian government's?

    -Besides the government services, other companies hosted in the same data center were also affected, although the specific companies are not mentioned.

  • What is the role of the Pat Data National in hosting services?

    -The Pat Data National is responsible for hosting more than 200 government services, indicating its critical role in the country's digital infrastructure.

  • Does Budhar have any information about the disaster recovery center's status?

    -Budhar is unsure about the status of the disaster recovery center, as he mentions that it might not be working for some unknown reason.

  • What is Budhar's professional interest in this incident?

    -Budhar is interested in the incident as he runs an Indonesia computer emergency response team, a cybersecurity company, and teaches incident handling at a university, making it crucial for him to understand and learn from this incident.

  • How does Budhar view the cybersecurity situation in Indonesia compared to other countries?

    -Budhar views the cybersecurity situation in Indonesia as similar to other countries, with the main difference being the scale of impact due to Indonesia's large population and internet user base.

  • What is Budhar's final note on the situation?

    -Budhar's final note is that while the incident is a big disaster, it has not created a significant economic disruption in Indonesia, although it has caused inconvenience.

Outlines

plate

This section is available to paid users only. Please upgrade to access this part.

Upgrade Now

Mindmap

plate

This section is available to paid users only. Please upgrade to access this part.

Upgrade Now

Keywords

plate

This section is available to paid users only. Please upgrade to access this part.

Upgrade Now

Highlights

plate

This section is available to paid users only. Please upgrade to access this part.

Upgrade Now

Transcripts

plate

This section is available to paid users only. Please upgrade to access this part.

Upgrade Now
Rate This
β˜…
β˜…
β˜…
β˜…
β˜…

5.0 / 5 (0 votes)

Related Tags
Ransomware AttackNational Data CenterIndonesiaCybersecurityIncident ResponseGovernment ServicesTravel VlogChangi AirportData BreachVirtual MachinesCybersecurity Education