In September 2023, Sri Lanka faced a significant cyber threat that wiped out a considerable amount of government data. Here’s a detailed look into the incident:

The Attack

On September 11, 2023, the Sri Lankan government’s cloud system, known as Lanka Government Cloud (LGC), fell victim to a massive ransomware attack. The Sri Lanka Computer Emergency Readiness Team and Coordination Center (CERT|CC) spearheaded the investigation into this breach.

The initial signs of the attack were noticed on August 26, 2023, when a user with a gov.lk domain reported receiving suspicious links over the preceding weeks. It is believed that the attack was triggered when someone clicked on one of these malicious links.

Impact and Consequences

The ransomware swiftly encrypted LGC services and their backup systems. Mahesh Perera, the CEO of Sri Lanka’s Information and Communication Technology Agency (ICTA), revealed that approximately 5,000 email addresses under the “gov.lk” domain were affected. This included email accounts used by the Cabinet Office.

While the system and its backup were restored within 12 hours of the attack, there was a significant data loss. The system lacked backup for data from May 17 to August 26, 2023, resulting in the permanent loss of data for all affected accounts during this period.

Measures Taken

In response to the attack, ICTA has initiated several security enhancement measures. These include the implementation of daily offline backup routines and updating the email application to its latest version. The Sri Lanka CERT|CC is also assisting ICTA in efforts to retrieve the lost data.

Broader Implications

This incident has brought to light the Sri Lankan government’s previous shortcomings in promoting robust cybersecurity measures across its public and private sectors. The nation ranks 83rd out of 175 countries in the Estonia-based e-Governance Academy Foundation’s National Cyber Security Index. However, in June 2023, the Sri Lankan government introduced its first-ever cybersecurity national authority as part of its long-delayed cybersecurity legislation.

The attack serves as a stark reminder of the importance of cybersecurity