A massive ransomware attack has affected Sri Lanka’s government cloud system, Sri Lanka Government Cloud (LGC).
The investigation is being conducted by the Sri Lanka Computer Emergency Readiness Team and Coordination Center. Sri Lanka’s Information and Communication Technology Agency confirmed the attack to several local news outlets on September 11, 2023.
The attack likely started on August 26, 2023, when a gov[dot]lk domain user said they had received suspicious links over the past few weeks and that someone may have clicked one. LGC services and the backup systems were quickly encrypted. The authorities estimated that all 5000 email addresses using the “gov[dot]lk” email domain, including those used by the Cabinet Office, were affected.
The system and the backup were restored within 12 hours of the attack. However, since the system didn’t have any backup available for the data spanning May 17 to August 26, 2023, all affected accounts have permanently lost data covering this period.
The authorities said their system was upgraded to Microsoft Exchange Version 2013 in 2014 and that they had planned to upgrade LGC to the latest version (currently Exchange Server 2019 CU11 Oct21SU) from 2021, but the decisions had been delayed due to “fund limitations and certain previous board decisions.”
Following the attack, ICTA has started taking measures to enhance its security, including initiating daily offline backup routines and upgrading the relevant email application to the latest version.
The Sri Lanka CERT|CC is also helping ICTA to retrieve the lost data. The Sri Lankan government had previously been criticized for failing to efficiently promote serious cybersecurity measures within its public administrations and its private sector.