By: Staff Writer
Colombo (LNW)- The Information and Communication Technology Agency (ICTA) today informed all government institutions to keep their systems upgraded and to maintain them properly to prevent ransomware attacks.
ICTA Chief Executive Officer Mahesh Perera told the Daily Mirror that after restoring the email systems, they had an issue restoring two and a half months of email backup.
However, the ICTA has confirmed that a severe data loss incident that affected all government offices using the “gov.lk” email domain has been restored.
This email facility was provided to certain state institutions that do not have their own email facilities through a separate email platform, Perera said.
“The email service was upgraded to the 2013 email platform and continues until 2023. Until now, the email platform was not updated, and it was vulnerable to various types of information security attacks,” he said.
“The ICTA attempted to upgrade the service on three occasions, but it was not possible due to financial constraints and issues with the design.
Unfortunately, the email server was attacked by ransomware on August 26, and all emails got encrypted. Several online services included email backups were also encrypted,” he said.
“We are looking at a legitimate system to restore the encrypted email log.”Fortunately, we had a two and a half-month old offline email backup, and we restored it with the system. But we have lost the email that we received within a period of two and a half months,” Perera said.
The ICTA handed over the case to SLCERT to conduct investigations, and a police complaint was filed over this ransom attack.Finally, the ICTA has engaged in activities to upgrade the email services.
Some data of government offices under the purview of the President’s Office, Cabinet Office, Ministry of Education, and Ministry of Health were affected in the ransomware attack between May 17 and August 26, 2023, the Information and Communication Technology Agency of Sri Lanka (ICTA) reported.
Director of Strategic Communications at ICTA Sampath de Silva confirmed a severe data loss incident affecting certain government offices using the “gov.lk” email domain.
He said crucial government information is exchanged via Lanka Government Network (LGN), utilizing the “[email protected]” email domain.
Stating that the ransomware could have impacted approximately 5,000 email addresses, Sampath de Silva stated there was no offline backup for a critical two-and-a-half-month data period.
The online backup system was also compromised, resulting in the loss of emails during this time frame, Sampath de Silva further said.
He further said two key measures are being implemented to prevent future data loss, such as daily offline backup processes and the upgrading of the relevant application to the latest version with enhanced defences against virus attacks.
