Sri Lanka’s government email network suffered a significant ransomware attack that resulted in the loss of several months’ worth of data across thousands of email accounts, including those used by high-ranking government officials.
The attack began in late August and affected nearly 5,000 email addresses on the gov.lk domain, including those of members of the central government council. The targeted system, Lanka Government Cloud (LGC), was encrypted along with its backups. Although the system was restored within 12 hours, data from May 17 to August 26 could not be recovered.
The Sri Lankan government’s Computer Emergency Response Team (CERT|CC) has initiated an investigation to recover the lost data. Authorities have confirmed that they have no intention of negotiating with the attackers or paying a ransom to retrieve the lost information.
The identity of the hacking group behind the incident remains unknown, but it is believed that they might have exploited vulnerabilities in an outdated version of Microsoft Exchange that had not been updated. Plans to upgrade the system in 2021 were delayed due to budget constraints.
This incident highlights the need for improved cybersecurity measures in Sri Lanka, as the country lacks a dedicated cybersecurity authority and only introduced cybersecurity legislation in June of this year. To enhance security, the Sri Lankan government’s Information and Communication Technology Agency (ICTA) is taking steps such as implementing daily offline backups and updating the email application to the latest version.