Rolling back ransomware

June 28, 2024

Recently, Indonesia was rocked by a significant ransomware attack that targeted the National Data Center (PDNC), demanding a ransom of $US8 million.

This incident triggered a massive data crisis, exposing serious weaknesses in security systems and resulting in the disruption of numerous government services.

Govt refuses to pay $8 million after ransomware attack on national data center – Politics – The Jakarta Post: https://t.co/HYgJqZ1a8b

Ransomware has become a rising threat within government and academic circles, recognised as one of the most dangerous in the cybersecurity realm, both in Indonesia and globally.

What is Ransomware?

Ransomware is malicious software used by hackers to lock access to a victim’s data and demand a ransom for its recovery.

“It infects not only computers but also targets mobile devices and the Internet of Things, showing that our entire digital ecosystem is vulnerable,” says Dr Erza Aminanto, Assistant Professor and Course Coordinator in Master of Cybersecurity at Monash University, Indonesia.

“Even advanced countries like the UK, which boast robust cyber agencies and expert academics, are not immune to ransomware attacks.

“This is because ransomware exploits rapid technological advancements as well as human vulnerabilities. Thus, it’s crucial for every country, including Indonesia, to strengthen its cybersecurity and enhance the cyber management knowledge of stakeholders involved with critical data to face these threats.”

In a recent attack in the UK in early June 2024, the ransomware had a devastating impact, threatening hundreds of lives. It paralysed healthcare services in several hospitals and pathology centres, causing blood donation services to halt for days.

Creating this kind of urgency is a tactic hackers use to pressure their victims into meeting their demands.

Indonesia faces a similar threat, although the details and chronology of how the recent attack began are not yet fully clear.

“This further underscores the importance of building a robust and responsive cybersecurity system to counter increasingly sophisticated ransomware attacks,” Dr Aminanto says.

How Does Ransomware Work?

From a cybersecurity perspective, one possible way ransomware infiltrates is through seemingly legitimate phishing emails.

Once inside via phishing, the infiltrators gain access to internal networks and encrypt crucial data, then lock it and pressure the victim to pay the ransom.

The magnitude of this threat is evident from the high ransom demands and the severe consequences of ransomware attacks, which can halt data services and exploit sensitive information leaks for further attacks.

Moreover, the major impacts of the ransomware attack on the PDNC include significant financial losses for the country, whether by paying the ransom or recovering data and repairing systems.

“Both options must be critically and thoroughly considered,” Dr Aminanto says.

“Data service disruptions can affect various sectors reliant on this data, including public services, healthcare, and education.

“Such attacks also damage public trust in the government’s ability to protect data security. Worse, stolen data could be used for further attacks, either directly by the attackers or sold to third parties.”

Preventing Ransomware Attacks

What lessons can we learn to anticipate ransomware attacks? Several strategies can be implemented.

Firstly, all crucial data should be backed up regularly and stored in a separate location to minimise data loss. Backups should be encrypted and routinely tested to ensure they can be correctly restored.

Secondly, introducing redundancies to reduce the risk of total system failure is vital. Redundancies could include dual hardware, cloud storage, or backup servers ready to operate if the primary system fails.

Thirdly, establishing a Data Recovery Centre (DRC) that can operate immediately if the main system is disrupted is essential. The DRC should have infrastructure equal to or better than the main system to ensure seamless operations.

Further steps include enhancing compliance and enforcing penalties to ensure all entities follow established security standards.

This includes law enforcement against cyberattack perpetrators and service providers, along with implementing strict regulations.

Additionally, regular training for employees on cyber threats and identification methods is crucial, as employee awareness is the first line of defence against ransomware via phishing or other social attack methods.

“Using network monitoring tools and intrusion detection systems to identify suspicious activities, along with rapid and effective incident response, can minimise the damage caused by ransomware attacks,” Dr Aminanto says.

“Using updated antivirus and anti-malware software on all endpoint devices, including computers, laptops, smartphones, and IoT devices, is another preventive measure.

“Finally, encrypting stored and transmitted data to protect sensitive information from unauthorised access is crucial, as encryption makes it unreadable to attackers even if they steal it.”

Implementing these security measures is not easy. It requires significant investment in infrastructure, technology, and human resources.

Ransomware threats continue to evolve, with cybercriminals always seeking new ways to breach defences. Therefore, a proactive, adaptive, and collaborative approach is crucial.

This includes public-private sector collaboration where the government must work with technology companies and non-governmental organisations to share information and resources in facing cyber threats.

Initiatives could include a national cyber incident response centre, cybersecurity training programs, and public awareness campaigns.

Ransomware is just one of many potential attacks on a nation’s critical data.

In the case of Indonesia, Dr Aminanto says the government must prepare more capable technology and human resources for various attacks, from minor cybersecurity breaches to major cyber warfare.

“In this context, the government should leverage artificial intelligence (AI) and machine learning (ML) technologies to enhance cybersecurity.

“Advances in AI and ML can be used to analyse network traffic patterns, detect anomalies, and respond to incidents automatically.

“These technologies can also aid in cyber forensics to identify the source of attacks and mitigate further risks. Along with leveraging AI and ML, cybersecurity regulations and policies must continuously be updated to address evolving threats.

“The government must ensure these regulations cover not only the public sector but also the private sector, including small and medium-sized enterprises often targeted in cyberattacks.

“The ransomware attack on the PDN is a stark reminder of our digital infrastructure’s vulnerability. However, by implementing the right preventative measures and increasing awareness of cyber threats, we can strengthen our defences and reduce future attack risks,” he says.

“This initiative is vital not only for data security but also for restoring and maintaining public trust in the government and private sector’s ability to manage and protect information.

“With strong collaboration, the right investments, and ongoing commitment, we can build a safer and more resilient digital ecosystem.

“This is a joint task requiring participation from all parties, from individuals and businesses to the government. Only through such efforts can we overcome ransomware threats and ensure a secure and assured digital future.”

This article was published by Lens.
