AI DevwWrld CyberDSA Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

Sri Lanka data incident: ransomware attack hits government

A cyber disaster that could put national security at risk

The Sri Lankan government suffered a major cyber attack that compromised over 5000 email accounts due to outdated software. Backup servers were also compromised, making data recovery difficult. The government will not pay ransom to attackers.

This pill is also available in Italian language

The Sri Lankan government recently disclosed a major data loss incident involving over 5,000 email accounts from May to August 2023. According to authorities, the root cause of this incident was a cyber attack , specifically a ransomware variant. Unfortunately, the situation was further exacerbated by the fact that backup servers were also compromised, making data recovery an extremely difficult undertaking.

Outdated and vulnerable software

The Information and Communication Technology Agency of Sri Lanka (ICTA) identified the main cause of this incident as the use of outdated software, Microsoft Exchange 2013, which is no longer supported by the company. This outdated software had been installed on the Lanka Government Network (LGN), a critical network used by key government entities such as the Cabinet Office, presidential officials, the Ministry of Education and the Ministry of Health. The implications of this major data breach could prove disastrous, given the sensitivity of the data involved.

Financial problems and delays in updates

According to Mahesh Perera, CEO of ICTA, all Gov.lk email accounts were compromised by the malware attack, which was first discovered on August 26 this year. While he didn't specifically characterize this as a software update failure, he suggested that necessary revisions to Microsoft Exchange services had been delayed since 2021. Unfortunately, the update plans had been stalled due to financial constraints in the budget government and global economic challenges faced by the country.

Refusal to negotiate with the attackers

Perera clarified that the Sri Lankan government has no intention of negotiating or paying any ransom to the perpetrators of the cyber attack. In other words, no extortion requests will be considered. At the moment, there is still no official confirmation on the identity of the attackers, although an unofficial source suggested attributing the incident to the LockBit Ransomware or the Russian-speaking BlackCat crime group. Importantly, this incident occurred against a backdrop of high inflation and depreciation of the rupee in Sri Lanka, further exacerbating the challenges facing the country.

Follow us on WhatsApp for more pills like this

09/11/2023 12:45

Marco Verro

Last pills

Zero-day threat on Android devices: Samsung prepares a crucial updateFind out how Samsung is addressing critical Android vulnerabilities and protecting Galaxy devices from cyber threats

CrowdStrike: how a security update crippled the tech worldGlobal impact of a security update on banking, transportation and cloud services: what happened and how the crisis is being addressed

Checkmate the criminal networks: the Interpol operation that reveals the invisibleFind out how Operation Interpol exposed digital fraudsters and traffickers through extraordinary global collaboration, seizing luxury goods and false documents

Google Cloud security predictions for 2024: how AI will reshape the cybersecurity landscapeFind out how AI will transform cybersecurity and address geopolitical threats in 2024 according to Google Cloud report