Sri Lanka’s government data lost in a ransomware attack

The attack resulted in the permanent loss of data from all 5,000 affected accounts.

 Flag

Sri Lanka’s government cloud system, the Lanka Government Cloud (LGC), has been hit by a massive ransomware attack, which was confirmed by Sri Lanka’s Information and Communication Technology Agency (ICTA) on 11 September 2023. All 5,000 affected accounts have permanently lost data from 17 May to 26 August 2023.

In the aftermath of the attack, the ICTA has begun to take measures to strengthen its security, including the initiation of daily offline backup routines and the upgrade of the relevant email application to the latest version. The LGC was introduced in 2007 and has not been updated to the latest version since 2014 due to ‘funding constraints and certain previous board decisions’.

The investigation is being conducted by Sri Lanka’s Computer Emergency Readiness Team and Coordination Center. According to the investigation, it is likely that the attack started on 26 August 2023, when a user of the gov[dot]lk domain reported that he had received suspicious links in the last few weeks and that someone might have clicked on one of them.

The Sri Lankan government unveiled a long-delayed cybersecurity bill in June 2023, which decided to establish the first national cybersecurity authority. However, the government has previously been criticised for its lack of effective promotion of serious cybersecurity measures within its public administration and private sector.