Sri Lankan Government Loses 3 Months Of Data After Ransomware Attack

The Information and Communication Technology Agency (ICTA) has confirmed that on August 26th, all Sri Lankan government emails have lost all their data from May 17 to August 26, 2023 after a massive ransomware attack.
One government staff said that their official email had been receiving suspicious links over the past few weeks and that someone may have clicked one, triggering the ransomware attack.

The system was restored within 12 hours of the attack and the backup was also brought back, but more than three months of storage for over 5000 email domains was missing.

ICTA has started daily offline backups and intends to upgrade the relevant application to the latest version. An upgrade to the email network had been planned since 2021 but was constrained by fund limitations and board decisions, ICTA CEO Mahesh Perera said.

Steve Hahn, Executive VP, BullWall had this comment:

   “Ransomware attacks typically seek to steal and encrypt your data. However, there’s no guarantee the attacker will leave your data behind, encrypted or otherwise. Whether you pay the threat actor or even restore from backups, on average companies will not retrieve all of their data.

   “A 2021 study by Veeam found that more than half of all data backups fail, losing Ideas, patents, customer orders and communications, legal information, plans and documents. In this case the failure was a failure to act. It’s critical to protect it all and modern RW targets those backups as well, with the potential to wipe out everything. Not a good thing when “restoring the system” does not include your data.”

The attitude of organizations who are trying to protect themselves against attacks like this have to be prevention first along with a recovery strategy. That way they are covered for any eventuality.


Leave a Reply

%d bloggers like this: