Sri Lanka’s Computer Emergency Readiness Team (CERT) is currently investigating a ransomware attack on the government’s cloud infrastructure that affected around 5,000 email accounts, it revealed on Tuesday.
While a LinkedIn post from CERT cited cloud infrastructure, an alert uploaded to the organization’s website on Monday specified that an attack was made on the government email system.
On Sunday, local media reported that the country’s Information and Communication Technology Agency (ICTA) had confirmed a severe data loss incident for all government offices using the gov.lk email domain – including the Cabinet Office, presidential officials, the Ministry of Education and the Ministry of Health.
The breach is believed to have occurred sometime between May 17 and the date it was discovered: August 26. The attack reportedly also compromised backup servers.
As there was no backup system for two months, some lost emails are unrecoverable. ICTA has reportedly now instituted daily offline backup protocols.
The attackers likely gained access to government systems using phishing schemes targeting civil servants, and took advantage of the use of outdated software. The government was using Microsoft Exchange 2013, for which its maker stopped support on April 11 this year.
CEO of ICTA, Mahesh Perera, reportedly admitted that updates to the system were targeted for 2021 but delayed due to budget constraints. He also made clear there was no intention to negotiate any ransom.
Sri Lanka ranks 83rd out of 175 countries in the National Cyber Security Index. In May of this year, it confirmed it would finally create a cyber security authority. The authority was established through the country’s Cyber Security Bill as part of a wider strategy.
At that time, Sri Lanka CERT chairman Rohan Muttiah told The Register that Sri Lanka had an existing strategy covering the period 2019–2023. “We are being assisted in this implementation by Cyber4Dev that is funded by the European Union,” he said.
Source: The Register