what you expect lo, hire all those cap ayam programmers that doesn't even know the basic security rules like OWSAP.

Data being encrypted then backup won't really help, when the system is online all the time and there are many new records being created all the time. If you restore the backup before the data being encrypted, then all those records are lost. Even the audit trail or secondary realtime data trail might have been encrypted so they cannot be restored. And you cannot explain to the public that from certain date onward all your records with DBKL has been lost so if it involves money or application requests, then tough luck we don't really know what happened to them. That just won't work.

But I do think our national cyber unit is quite knowledgeable. They might be doing analysis of the compromised systems now and try to recover encryption keys if proper measure have been put in place earlier. But that could take time.