Ransomware attack hits Sri Lanka government, causing data loss
Running unsupported and unpatched versions of Exchange Server will do that to a country
Sri Lanka's Computer Emergency Readiness Team (CERT) is currently investigating a ransomware attack on the government's cloud infrastructure that affected around 5,000 email accounts, it revealed on Tuesday.
On Sunday, local media reported that the country's Information and Communication Technology Agency (ICTA) had confirmed a severe data loss incident for all government offices using the gov.lk email domain – including the Cabinet Office, presidential officials, the Ministry of Education and the Ministry of Health.
The breach is believed to have occurred sometime between May 17 and the date it was discovered: August 26. The attack reportedly also compromised backup servers.
As there was no backup system for two months, some lost emails are unrecoverable. ICTA has reportedly now instituted daily offline backup protocols.
The attackers likely gained access to government systems using phishing schemes targeting civil servants, and took advantage of the use of outdated software. The government was using Microsoft Exchange 2013, for which its maker stopped support on April 11 this year.
CEO of ICTA, Mahesh Perera, reportedly admitted that updates to the system were targeted for 2021 but delayed due to budget constraints. He also made clear there was no intention to negotiate any ransom.
Sri Lanka ranks 83rd out of 175 countries in the National Cyber Security Index. In May of this year, it confirmed it would finally create a cyber security authority. The authority was established through the country's Cyber Security Bill as part of a wider strategy.
At that time, Sri Lanka CERT chairman Rohan Muttiah told The Register that Sri Lanka had an existing strategy covering the period 2019–2023. "We are being assisted in this implementation by Cyber4Dev that is funded by the European Union," he said.