5,000 email ids lost due to lack of backup


The Inter-Ministerial Committee (IMC) tasked with overseeing information and technology affairs in Sri Lanka has been the victim of a cyber attack.

The CEO of the government’s Information and Communications Technology Agency (ICTA), Mahesh Perera, confirmed the cyberattack.

As a result of the ICTA cyberattack, the government agency’s staff lost all emails exchanged between May 17, 2023 and August 26, 2023.

ICTA cyberattack results in data loss without backup

Speculation arose on August 26 that a cybercriminal had deployed ransomware, encrypting the entire ICTA website.

In the ransomware attack on ICTA, all Sri Lankan government offices using the gov.lk email domain were affected, losing access to their emails.

The ICTA website was successfully restored within just 12 hours after the ICTA cyberattack was detected. However, the emails could not be restored in that time, partly because of the time needed to restore the systems.

Regarding the loss of email, Mahesh Perera said, “Initially we were using Microsoft Exchange version 2003. The email facility was provided to government offices.”

Perera added: “In 2014, it was upgraded to Microsoft Exchange version 2013. This was in use until the attack. But this version is now outdated, obsolete and vulnerable to various types of attacks,” according to a Sri Lankan Mirror report.

Using existing systems poses a significant data security risk, since older versions do not receive essential security updates. In the case of ICTA, employees’ use of such systems played a role in exposing sensitive emails to possible cyberattacks.

Company staff had been asked to move to Microsoft 365, Office 365 or Exchange 2019 before February 2023, according to a Read Me report.

The ICTA cyberattack also affected Cabinet Office emails. A total of 5,000 email addresses are believed to have been affected by the ICTA ransomware attack. No ransomware group has so far claimed responsibility for encrypting ICTA emails.

Perera admitted that there were no offline backups of the emails, leaving them exposed to permanent deletion in the event of a cyber attack.

The delay in upgrading the systems was also attributed to “administrative issues”.

Details on the ICTA cyberattack

Although this is likely a ransomware attack, it is unclear which group or hacker breached Sri Lanka’s ICTA systems.

The website was accessible when verified by The Cyber Express. We have emailed the agency for more details. We will update this report once we receive a response.

Online backup systems were also corrupted due to the cyberattack on ICTA. After experiencing the massive loss of data during this security incident, the agency decided to perform offline backups daily. They also decided to upgrade applications in accordance with security best practices.

Perera mentioned that the Sri Lanka Computer Emergency Preparedness Team (SLCERT) was actively working on the data restoration process to recover lost emails.

ICTA and the Cabinet Office use the Lanka Government Network (LGN), considered a cost-effective and secure government private network.

It uses the (email protected) email domain. ICTA faced a cost constraint in moving to the latest and most secure email. LGN cloud backups also remained inaccessible after the encryption of the server.

Users are getting by with minimal service due to the ICTA ransomware attack. They have urged that their access to the service be restored.

The agency is struggling to address technological lag and staffing shortages due to the effects of the ICTA security breach.
