Ransomware Attack Wipes Out Four Months of Sri Lankan Government Data

Kevin Poireault

11 Sept 2023

Investigations have begun into a massive ransomware attack that has affected Sri Lanka’s government cloud system, Lanka Government Cloud (LGC).

The attack likely started on August 26, 2023, when a gov[dot]lk domain user said they had received suspicious links over the past few weeks and that someone may have clicked one.

LGC services and the backup systems were quickly encrypted. Mahesh Perera, CEO at ICTA, estimated that all 5000 email addresses using the “gov[dot]lk” email domain, including those used by the Cabinet Office, were affected.

The system and the backup were restored within 12 hours of the attack.

However, since the system didn’t have any backup available for the data spanning May 17 to August 26, 2023, all affected accounts have permanently lost data covering this period.

The investigation is being conducted by the Sri Lanka Computer Emergency Readiness Team and Coordination Center (CERT|CC). Sri Lanka’s Information and Communication Technology Agency (ICTA) confirmed the attack to several local news outlets on September 11, 2023.

Reason - Obsolete Software

Perera told the press that LGC was introduced in 2007 and first used Microsoft Exchange Version 2003, but was updated to Microsoft Exchange Version 2013 in 2014.

“This was in use till the attack. But that version is now obsolete, outdated and vulnerable to various types of attacks,” he said.
