COLOMBO (News 1st) - The Information and Communication Technology Agency of Sri Lanka has officially confirmed a severe data loss incident affecting all government offices using the "gov.lk" email domain, including the Cabinet Office, due to a large-scale ransomware attack between May 17 and August 26, 2023.
The Cabinet Office is one of the entities within the Lanka Government Network (LGN), utilizing the "[email protected]" email domain.
Crucial government information are exchanged via these email domains.
However, ICTA told News 1st that only some data under the purview of the of the President's Office, Cabinet Office, Ministry of Education, and Ministry of Health were affected by the ransomware attack.
What is a ransomware attack?
Ransomware is a malware designed to deny a user or organization access to files on their computer.
Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading.
Ransomware attacks can cause costly disruptions to operations and the loss of critical information and data.
What happened?
ICTA Communications disclosed that the ransomware could have impacted approximately 5,000 email addresses.
Director of Strategic Communications at ICTA Sampath de Silva told News 1st that there was no offline backup for a critical two-and-a-half-month data period.
The online backup system was also compromised, resulting in the loss of emails during this time frame.
How has the ICTA responded to the incident?
Director of Strategic Communications at ICTA Sampath de Silva that in response to this incident, ICTA is implementing the following measures:
Daily Offline Backup: ICTA is instituting daily offline backup processes to prevent future data losses.
Application Upgrade: The relevant application will upgrade to the latest version with enhanced defences against virus attacks.
Can the lost data be recovered?
In collaboration with ICTA, the Sri Lanka Computer Emergency Readiness Team (SLCERT) is actively engaged in efforts to recover the lost data.