Bulk of Indonesia Data Hit by Cyberattack Not Backed Up, Officials Say

Indonesian President Joko Widodo ordered on Friday an audit of government data centres after officials said the bulk of data affected by a recent ransomware cyberattack was not backed up, exposing the country's vulnerability to such attacks. From a report: Last week's cyberattack, the worst in Indonesia in recent years, has disrupted multiple government services including immigration and operations at major airports. The government has said more than 230 public agencies, including ministries, had been affected, but has refused to pay an $8 million ransom demanded to retrieve the encrypted data.

Responding to the cyberattack, Indonesia's state auditor said the president instructed it to examine the country's data centres. The audit would cover "governance and the financial aspect", said Muhammad Yusuf Ateh, who heads Indonesia's Development and Finance Controller, after attending a cabinet meeting led by Widodo on Friday. Hinsa Siburian, an official who chairs Indonesia's cyber security agency known by its acronym BSSN, has said 98% of the government data stored in one of the two compromised data centres had not been backed up.

If you only have one copy

[Mal-2]

If you only have one copy of anything, then you must accept the relatively high probability that at some point, you'll have zero copies.

Re:

[Dan667]

and if you have more than one copy you have to accept you will have only the number of copies that you can successfully restore. If you never test your backups you will also more than likely end up with zero copies.

Re:If you only have one copy

[93 Escort Wagon]

Yeah, it drives me batty how hard it can be to convince people to back up their data - even when their livelihoods depend on that data.

Re:If you only have one copy

[LazarusQLong]

it is amazing to me that so many organizations accept the risk of not backing stuff up, because of some cost associated. When I used to be a consultant, many of my clients would turn off the scripts I would install to automatically back their stuff up every night. When I would discover this, they always had some stupid cost related excuse. I recall one, this importer of traditional Chinese medical products, they lost a weeks worth of sales because

A) they turned off the automated backup software I had installed for them

B) they took the RAID I had installed for them to be backing up to, and gave it to their marketing department to use, rather than just buying more hard drives for marketing. (marketing was like 5 people and it was the largest dept in this tiny little import company.)

And C) They didn't tell me about any of this, but instead called me up and asked me where their backups were! When I got done with them on the phone I told them that because of their actions to circumvent the automated processes i had put in for them, their data was GONE and they were at fault for having lost it. All because they didn't want to spend a grand or two on new hard drives for marketing.

Back in those days I sold the parts at cost, and made my money on install and configuration. After that phone call, well, let's just say, my pricing model changed.

usual suspects

[Big Hairy Gorilla]

Funny, you know lockbit.. is that for MICROSOFT by any chance?

https://www.blackberry.com/us/en/solutions/endpoint-security/ransomware-protection/lockbit#how-it-works
LockBit 2.0 primarily targets Windows systems, although some newer variations have been modified to attack Linux-based data center virtualization environments, including VMWare ESXi virtual machines.

Welly, welly, well...
ohhh... VMWare too... Shocker/s

Note to executives and MBA's everywhere: outsourcing your brain to Microsoft is a critical erro

Re:

[gweihir]

Note to executives and MBA's everywhere: outsourcing your brain to Microsoft is a critical error

Hahaha, yes. They usually call that "strategy", I call it "unconditional surrender".

Re:

[Big Hairy Gorilla]

Apple really nailed it with (very old news) "There's an App for that"
At this point, I propose that the "tools" we use, mostly cellphones, have trained people to be docile idiots.

I'm disturbed at how often recently, I have had to explain to people *who have been using this technology for 20 years* how to use a mouse or how to touch a phone screen... turns out there's a difference between a tap and a long touch...

Ransom

[dhaen]

Good on them for not paying the ransom. People who do, just encourage the criminals.

People everywhere undervalue backups

[Tony Isaac]

It's kind of like savings accounts, which provide margin--a way to recover when disaster strikes. How many people actually put money in savings every paycheck? Certainly not a majority, even though failing to do so has dire consequences.

Backups are like a savings account. They too provide "margin"--a way to recover when disaster strikes. It's worth spending money on good backups, whether that's a hardware device or cloud, even for individuals.

Sooner or later, disaster *will* strike.

Backups are expensive

[gweihir]

Not having them, not testing them adequately or not having WORM or write-protected backups is massively more expensive. I guess the incompetent have to find that out time and again.

More spae

[manu0601]

IT users always want more space. They rarely have concerns about how the petabytes could be backed up.