The Information and Communication Technology Agency of Sri Lanka ICTA has confirmed a severe data loss incident affecting all government offices using the gov.lk email domain, due to a large-scale ransomware attack between May 17 and August 26, 2023, reports SundayTimes.
The virus could have affected around 5,000 email addresses, ICTA CEO Mahesh Perera said, admitting that there was no offline backup for around two-and-a-half month’s worth of data. Since the online backup system had also been corrupted, users lost emails for that period. The Cabinet Office is among the entities in the Lanka Government Network (LGN). It uses the email@example.com email domain.
Following the attack, ICTA is taking measures to start daily offline backup and to upgrade the relevant application to the latest version which has stronger defences against virus attacks. And the Sri Lanka Computer Emergency Readiness Team (SLCERT) is working closely with ICTA to try and retrieve the lost data, Mr. Perera said.
The LGN is the Government-owned private network that was introduced to connect Government organisations in what the ICTA maintains is “a cost-effective and secure manner”.
The service is being provided from 2007, Mr. Perera said. “Initially, we used Microsoft Exchange Version 2003,” he explained. “The email facility was given to Government offices. In 2014, it was upgraded to Microsoft Exchange Version 2013. This was in use till the attack. But that version is now obsolete, outdated and vulnerable to various types of attacks.”
One gov.lk domain user said that their official email had been receiving suspicious links over the past few weeks and that someone may have clicked one, triggering the ransomware attack. ICTA had planned from 2021 to upgrade the email facility to the latest version but had been constrained by fund limitations and certain previous board decisions, the CEO said.
The ICTA, the agency responsible for spearheading technological advancements and data security in Sri Lanka, disclosed that the cyberattack causing severe disruptions across the government’s email infrastructure. The incident has raised significant concerns about the country’s cybersecurity preparedness.
Meanwhile, Sri Lanka Computer Emergency Readiness Team informs the public to be aware of text messages received on mobile phones claiming to be from various financial institutions.