Ransomware targets over 5000 government email addresses


    The Sri Lankan Government has recently reported a significant data loss incident involving over 5000 email accounts spanning from May to August 2023. The primary cause of this data loss was identified as a cyber attack, specifically a ransomware variant. Unfortunately, the situation has been exacerbated by the fact that even the backup servers were compromised, making data recovery a daunting challenge.

    According to the Information and Communication Technology Agency of Sri Lanka (ICTA), the root cause of this incident lies in the usage of outdated Microsoft Exchange 2013 software, which is no longer supported by Microsoft. This outdated software was in use on the Lanka Government Network (LGN), a critical network utilized by key government entities such as the Cabinet Office, Presidential Officials, Ministry of Education, and Ministry of Health. The implications of this cyber incident could prove to be dire, given the sensitive nature of the data involved.

    Mahesh Perera, the CEO of ICTA, issued a statement acknowledging that all Gov.lk email accounts fell victim to the malware attack, which was first identified on August 26th of this year. He did not explicitly label this incident as a software upgrade failure; however, he did imply that the need for upgrading the Microsoft Exchange services had been pending since 2021. Unfortunately, these upgrade plans had been stalled due to financial constraints within the government’s budget and the overall economic challenges faced by the country.

    Mr. Perera clarified that the government has no intentions of negotiating with the perpetrators of the attack. In other words, no ransom demands will be entertained.

    While an unofficial source in Sri Lanka leaked information on a Telegram channel, attributing the incident to the LockBit Ransomware or the Russian-speaking BlackCat gang, there has been no official confirmation regarding the identity of the attackers.

    It’s worth noting that this incident unfolded against the backdrop of Sri Lanka grappling with high inflation and the depreciation of the Sri Lankan Rupee in international markets, further compounding the challenges faced by the country.



    Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

    No posts to display