Ransomware Attack Hits Sri Lankan Government Offices, Leading to Severe Data Loss

September 11, 2023

The Information and Communication Technology Agency of Sri Lanka (ICTA) has revealed that a ransomware attack between May 17 and August 26, 2023, has impacted several government offices falling under the purview of the President’s Office, Cabinet Office, Ministry of Education, and Ministry of Health.

Sampath de Silva, the Director of Strategic Communications at ICTA, confirmed the severity of the data loss incident, particularly affecting government entities using the "gov.lk" email domain. This breach has raised significant concerns regarding the security of crucial government information exchanged via the Lanka Government Network (LGN) and its "This email address is being protected from spambots. You need JavaScript enabled to view it." email domain.

According to de Silva, approximately 5,000 email addresses may have been affected by the ransomware attack, highlighting the vulnerability of the government's digital infrastructure. Shockingly, there was no offline backup for the critical two-and-a-half-month data period, exacerbating the damage caused by the cyberattack.

Even the online backup system was compromised, leading to the loss of vital emails and sensitive information during this extensive timeframe. The incident underscores the pressing need for enhanced cybersecurity measures within government agencies.

In response to this security breach, Sampath de Silva announced that two crucial measures are being urgently implemented to prevent future data loss. Firstly, daily offline backup processes are being initiated to ensure the preservation of essential data even in the face of cyber threats. Secondly, there are plans to upgrade the relevant applications to the latest versions equipped with enhanced defenses against virus attacks.