Ransomware Attack at Sri Lanka Government Wipes Months of Data

September 26, 2023


Sri Lanka’s government email network was hit by a ransomware attack that wiped months of data from thousands of email accounts, including ones belonging to top government officials, authorities confirmed on Monday. The attack, which started at the end of August, affected nearly 5,000 email addresses using the gov.lk email domain. The victims include Sri Lanka’s council of ministers which forms the central government of the country.

The targeted system, Lanka Government Cloud (LGC), was encrypted along with backups of the system. Although officials were able to restore LGC within 12 hours of the attack, they didn’t have backups from May 17 to August 26, so all affected accounts lost data from that period, according to Mahesh Perera, the head of Sri Lanka’s Information and Communication Technology Agency (ICTA).

Perera told media outlets that the Sri Lankan government doesn’t plan to negotiate with the attackers or pay any ransom to retrieve the lost data. The agency did not respond to a request for comment.

Incident Date

August 30, 2023


Sri Lanka

Estimated Cost

> 3 months of data lost

Type of Malware

No Malware identified

Threat Source

No threat source identified