The Inter-Ministerial Committee (IMC) overseeing information and technology affairs in Sri Lanka encountered a cyber attack.
The CEO of the government’s Information and Communication Technology Agency (ICTA), Mahesh Perera, confirmed the cyber attack.
As a result of the ICTA cyber attack, all emails exchanged between May 17, 2023, and August 26, 2023, were lost for the government agency’s staff.
ICTA Cyber Attack Leads to Data Loss Without Backup
Speculation arose on August 26 that a cybercriminal had deployed ransomware, encrypting the entire ICTA website.
During the ransomware attack on ICTA, all Sri Lankan government offices using the gov.lk email domain were affected, losing access to their emails.
The ICTA website was restored within 12 hours of the ICTA cyber attack being detected. However, the emails could not be restored in time, partly because of the time taken to restore the systems.
Addressing the loss of email, Mahesh Perera said, “Initially, we used Microsoft Exchange Version 2003. The email facility was given to Government offices.”
Perera added, “In 2014, it was upgraded to Microsoft Exchange Version 2013. This was in use till the attack. But that version is now obsolete, outdated, and vulnerable to various types of attacks,” according to a Sri Lanka Mirror report.
Using legacy systems poses a significant risk to data security, since older versions do not receive essential security updates. In the case of ICTA, employees’ use of such systems played a role in exposing sensitive emails to potential cyber attacks.
Company staff were urged to upgrade to Microsoft 365, Office 365, or Exchange 2019 before February 2023, according to a Readme report.
The ICTA cyber attack has also affected Cabinet Office emails. A total of 5,000 email addresses are suspected to have been impacted by the ICTA ransomware attack. No ransomware group has claimed the ICTA email encryption so far.
Perera admitted that there were no offline backups of the emails, leaving them exposed to permanent deletion in the event of a cyber attack.
The delay in upgrading the systems has also been attributed to ‘administrative problems.’
Details About the ICTA Cyber Attack
Although it is suspected to be a ransomware attack, it is not clear which group or hacker breached the systems of Sri Lanka’s ICTA.
The website was accessible when checked by The Cyber Express. We emailed the agency for additional details. We will update this report upon receiving a response.
Online backup systems were also corrupted owing to the cyber attack on ICTA. After experiencing the massive loss of data in this security incident, the agency has decided to take offline backups daily. They also decided to upgrade the applications as a security best practice.
Perera mentioned that the Sri Lanka Computer Emergency Readiness Team (SLCERT) was actively working on the data restoration process to recover the lost emails.
ICTA and the Cabinet Office use the Lanka Government Network (LGN), which is considered a cost-effective, secure, government-owned private network.
It uses the gov.lk email domain. ICTA has been battling a cost constraint in switching to the latest and most secure email facility. The LGN cloud backups were also left inaccessible after the encryption of the server.
Users have had only minimal service since the ICTA ransomware attack and have been urging that their access to the service be restored.
The agency has been trying to cope with the technological lag and the shortage of staff as it deals with the effects of the ICTA security breach.