Last week, authorities verified that a ransomware attack had targeted nearly 5,000 government email addresses in Sri Lanka, causing critical data loss. Significantly, the attack also impacted the country’s central government, specifically its council of ministers.
Mahesh Perera, head of Sri Lanka’s Information and Communication Technology Agency (ICTA), stated that while they restored the system in 12 hours, data loss was substantial.
Unfortunately, there were no backups for data between May 17 and August 26 of this year. Therefore, many accounts lost important information that can’t be recovered.
The country’s Computer Emergency Response Team (CERT) has since launched a thorough investigation to find the perpetrators and recover the lost data. Sri Lanka’s government has made it clear it won’t negotiate with the hackers or pay any ransom.
Critics have long been pointing out Sri Lanka’s poor attention to cybersecurity. Shockingly, the country only introduced cybersecurity legislation this past June and does not have a dedicated national authority for cybersecurity.
Mahesh Perera admitted that the agency knew its Microsoft Exchange software was out of date and vulnerable. Plans to upgrade had been on hold since 2021 due to budget limitations and previous board decisions.
Immediate Steps Taken for Stronger Security
In the wake of this disaster, ICTA is taking drastic measures to improve its cybersecurity infrastructure. This includes starting daily offline backups and updating the email application to the latest version.
Furthermore, both ICTA and the Sri Lanka Computer Emergency Readiness Team are making concerted efforts to recover what can be saved from the lost data.
According to ICTA, the hack began near the end of August, and it’s suspected that malicious links sent to government employees might have been the entry point.
Specifically, an outdated version of Microsoft Exchange was likely exploited. When asked about this, Mahesh Perera agreed that the outdated software made their system vulnerable to attacks.
This attack could be a wake-up call for the country to prioritize cybersecurity. Following the incident, the country is rushing to set up its first national cybersecurity authority.
Moreover, this attack has brought to light the need for immediate action on cybersecurity, not just in Sri Lanka but globally. After all, cyber threats are a universal issue that can impact any country, big or small.
Meanwhile, SLCERT has issued a public warning to all Sri Lankan nationals about an ongoing phishing scam.
In summary, the Sri Lankan government suffered a devastating ransomware attack affecting thousands of official email accounts and resulting in significant data loss. This has led to an urgent reevaluation of the country’s cybersecurity measures. Undoubtedly, the incident serves as a critical lesson for governments worldwide to fortify their digital infrastructures.