Sri Lanka’s government data lost in a ransomware attack

The attack resulted in the permanent loss of data from all 5,000 affected accounts.


Sri Lanka’s government cloud system, the Lanka Government Cloud (LGC), has been hit by a massive ransomware attack, which was confirmed by Sri Lanka’s Information and Communication Technology Agency (ICTA) on 11 September 2023. All 5,000 affected accounts have permanently lost data from 17 May to 26 August 2023.

In the aftermath of the attack, the ICTA has begun to take measures to strengthen its security, including the initiation of daily offline backup routines and the upgrade of the relevant email application to the latest version. The LGC was introduced in 2007 and has not been updated to the latest version since 2014 due to ‘funding constraints and certain previous board decisions’.

The investigation is being conducted by Sri Lanka’s Computer Emergency Readiness Team and Coordination Center. According to the investigation, the attack likely started on 26 August 2023, when a user of the gov[dot]lk domain reported that he had received suspicious links over the previous few weeks and that someone might have clicked on one of them.

In June 2023, the Sri Lankan government unveiled a long-delayed cybersecurity bill that provides for the establishment of the first national cybersecurity authority. However, the government has previously been criticised for failing to effectively promote serious cybersecurity measures within its public administration and private sector.