Sri Lanka data incident: ransomware attack hits government
A cyber disaster that could put national security at risk
The Sri Lankan government suffered a major cyber attack that compromised over 5000 email accounts due to outdated software. Backup servers were also compromised, making data recovery difficult. The government will not pay ransom to attackers.
The Sri Lankan government recently disclosed a major data loss incident involving over 5,000 email accounts from May to August 2023. According to authorities, the root cause of this incident was a cyber attack , specifically a ransomware variant. Unfortunately, the situation was further exacerbated by the fact that backup servers were also compromised, making data recovery an extremely difficult undertaking.
Outdated and vulnerable software
The Information and Communication Technology Agency of Sri Lanka (ICTA) identified the main cause of this incident as the use of outdated software, Microsoft Exchange 2013, which is no longer supported by the company. This outdated software had been installed on the Lanka Government Network (LGN), a critical network used by key government entities such as the Cabinet Office, presidential officials, the Ministry of Education and the Ministry of Health. The implications of this major data breach could prove disastrous, given the sensitivity of the data involved.
Financial problems and delays in updates
According to Mahesh Perera, CEO of ICTA, all Gov.lk email accounts were compromised by the malware attack, which was first discovered on August 26 this year. While he didn't specifically characterize this as a software update failure, he suggested that necessary revisions to Microsoft Exchange services had been delayed since 2021. Unfortunately, the update plans had been stalled due to financial constraints in the budget government and global economic challenges faced by the country.
Refusal to negotiate with the attackers
Perera clarified that the Sri Lankan government has no intention of negotiating or paying any ransom to the perpetrators of the cyber attack. In other words, no extortion requests will be considered. At the moment, there is still no official confirmation on the identity of the attackers, although an unofficial source suggested attributing the incident to the LockBit Ransomware or the Russian-speaking BlackCat crime group. Importantly, this incident occurred against a backdrop of high inflation and depreciation of the rupee in Sri Lanka, further exacerbating the challenges facing the country.
Follow us on Google News for more pills like this09/11/2023 12:45
Marco Verro