It has been reported that Sri Lanka’s government cloud system, known as Lanka Government Cloud (LGC), fell victim to a crippling ransomware attack. The attack, which began on August 26, 2023, was first brought to attention when a gov[dot]lk domain user reported receiving suspicious links. This incident marks a significant breach in the country’s cybersecurity infrastructure, raising concerns about the vulnerability of sensitive government systems.
Encryption of LGC Services
Upon detection of the attack, the perpetrators quickly managed to encrypt various LGC services and backup systems, causing widespread disruption. Disturbingly, all 5,000 email addresses associated with the ‘gov[dot]lk’ domain, including those used by the Cabinet Office, were severely impacted. This incident has shed light on the potential repercussions of cyberattacks on critical governmental communication channels.
Efficient restoration, but irretrievable data loss
Prompt and decisive action was taken by the authorities to mitigate the attack’s impact. The LGC system and backup were successfully restored within a commendable 12-hour period. However, the affected accounts unfortunately suffered permanent data loss spanning from May 17 to August 26, 2023. This loss highlights the importance of robust data backup strategies and serves as a cautionary tale for organizations to regularly update their security systems.
Outdated and vulnerable Microsoft Exchange version
An alarming discovery made during the investigation is that the LGC system was running an obsolete and vulnerable version of Microsoft Exchange. The failure to update the system was attributed to budget limitations and previous decisions, underscoring the critical need for prioritizing cybersecurity investments. This incident serves as a wake-up call for organizations to remain vigilant and proactive in ensuring their systems’ security.
Collaboration with Sri Lanka CERT|CC
To address the devastating impact of the attack and aid in the recovery process, the Sri Lanka Computer Emergency Readiness Team – Coordination Center (CERT|CC) has been actively involved. The CERT|CC has been working to retrieve the lost data and investigate the extent of the breach. Their expertise and assistance in dealing with the aftermath of the attack will be crucial in preventing future cybersecurity incidents.
Measures taken to enhance security
Recognizing the urgency and gravity of the situation, the Information and Communication Technology Agency (ICTA) has initiated various measures to enhance the security of government systems. This includes implementing daily offline backup routines to ensure the availability of critical data in the event of another attack. Additionally, efforts are underway to upgrade the email application, reinforcing the importance of using up-to-date software to safeguard against emerging threats.
Introduction of cybersecurity legislation
In response to this high-profile attack and the growing threat landscape, the Sri Lankan government unveiled long-delayed cybersecurity legislation in June 2023. The introduction of this legislation marks a significant step towards safeguarding the nation’s digital assets and protecting its critical infrastructure. The legislation will establish Sri Lanka’s first-ever cybersecurity national authority, which will work to strengthen the country’s cybersecurity capabilities and promote a proactive approach to defense against cyber threats.
The ransomware attack on Sri Lanka’s government cloud system, Lanka Government Cloud, has exposed significant vulnerabilities in the country’s cybersecurity infrastructure. The incident highlights the critical need for robust and up-to-date security measures to protect sensitive government systems. The effective restoration of services and collaboration with Sri Lanka CERT|CC demonstrates the importance of a coordinated response to mitigate the impact of cyberattacks. Furthermore, the introduction of cybersecurity legislation and the establishment of a cybersecurity national authority signify the government’s commitment to fortifying its cyber defenses. Moving forward, continued investment and implementation of best practices are crucial in securing Sri Lanka’s digital landscape and safeguarding critical national assets.