“The police will collaborate with all relevant stakeholders in handling [the cyberattack] incident and of course, we will look into” the possibility of opening a criminal investigation, spokesperson Insp. Gen. Sandi Nugroho said on Tuesday, as quoted by Antara.

The temporary facility in East Java capital Surabaya was hit by a ransomware attack on June 20, which disrupted immigration services at Soekarno-Hatta International Airport in Greater Jakarta and student enrollment at state schools in Dumai, Riau.

It remains unclear who was responsible for the attack, but the Communications and Information Ministry was adamant that the government would not pay the US$8 million ransom the attackers demanded.

The National Cyber and Encryption Agency (BSSN) said the attackers used a new ransomware called Brain Cipher, an updated version of LockBit 3.0.

Read also: Ransomware attack puts pressure on govt to fix digital infrastructure

State-owned communications company PT Telkom Indonesia reported that 282 databases belonging to central and regional administrations linked to the temporary data center in Surabaya were still affected by the breach as of Tuesday, according to a press release from the communications ministry.

Telkom subsidiary Telkomsigma operates the Surabaya facility, where data recovery processes are ongoing.

Database access has been restored for several agencies, including the Immigration Office, the Office of the Coordinating Maritime Affairs and Investment Minister, the Kediri municipal administration in East Java and the National Procurement Agency (LKPP), which have resumed public services.

Last Thursday’s breach had also disrupted enrollment at state schools in Dumai, Riau, Tempo.co reported.