COLOMBO: Sri Lanka’s government cloud system, known as Lanka Government Cloud (LGC), fell victim to a massive ransomware attack. The breach, which began on August 26, 2023, has raised significant concerns about the country’s cybersecurity measures.
The Investigation Begins
The Sri Lanka Computer Emergency Readiness Team and Coordination Center (CERT|CC) has launched an extensive investigation into the cyberattack. Sri Lanka’s Information and Communication Technology Agency (ICTA) confirmed the incident, shedding light on the severity of the breach.
The attack’s origins trace back to a gov[dot]lk domain user who reported receiving suspicious links in the weeks leading up to the breach. It is believed that someone may have inadvertently clicked on one of these malicious links, providing the attackers with an entry point.
LGC Services and Data Encryption
The repercussions of the attack were swift and far-reaching. The perpetrators quickly encrypted LGC services, crippling government operations. Mahesh Perera, CEO at ICTA, estimated that all 5000 email addresses utilizing the “gov[dot]lk” email domain, including those of the Cabinet Office, were affected.
Rapid Response and Data Loss
Government officials acted swiftly to restore the system and its backup, successfully bringing it back online within 12 hours of the attack. However, a significant setback emerged as the system lacked a backup for data spanning from May 17 to August 26, 2023. As a result, all accounts within this period have suffered permanent data loss.
Security Failings Unveiled
Mahesh Perera addressed the media and described the security weaknesses in the LGC system. He revealed that the system had been running Microsoft Exchange Version 2013, which was deemed obsolete, making it susceptible to various cyber threats. Plans to upgrade to the latest version had been hampered by financial constraints and prior board decisions.
Strengthening Cybersecurity Measures
In the wake of this devastating attack, ICTA has taken immediate steps to bolster its cybersecurity defenses. Measures include implementing daily offline backup routines and upgrading the email application to the latest version. Additionally, the Sri Lanka CERT|CC is actively assisting ICTA in the recovery of lost data.
Sri Lanka’s Cybersecurity Standing
Sri Lanka has faced criticism in the past for its inadequate cybersecurity measures in both public administrations and the private sector. The nation currently ranks 83rd out of 175 countries on the National Cyber Security Index compiled by the Estonia-based e-Governance Academy Foundation.
A Step Towards Improvement
In an effort to address these concerns, the Sri Lankan government introduced cybersecurity legislation in June 2023. This legislation paves the way for the establishment of the country’s first-ever cybersecurity national authority, marking a crucial step towards enhancing the nation’s cybersecurity posture.
The repercussions of this ransomware attack serve as a stark reminder of the importance of robust cybersecurity measures in an increasingly digital world. Authorities are working tirelessly to prevent future breaches and protect critical government infrastructure.
- Massive ransomware attack hits Sri Lanka’s government cloud system, Lanka Government Cloud (LGC).
- Investigation underway led by the Sri Lanka Computer Emergency Readiness Team and Coordination Center (CERT|CC).
- Attack likely started when a user clicked on suspicious links; the attackers then encrypted LGC services and backups.
- Swift restoration of the system but permanent data loss for accounts spanning May 17 to August 26, 2023.
- CEO Mahesh Perera reveals security failings, citing the use of outdated software in LGC.
- Sri Lanka’s commitment to enhancing cybersecurity with daily offline backups and email application upgrades.