Keep systems upgraded to prevent ransomware attacks: ICTA

The Information and Communication Technology Agency (ICTA) today informed all government institutions to keep their systems upgraded and to maintain them properly to prevent ransomware attacks.

ICTA Chief Executive Officer Mahesh Perera told the Daily Mirror that after restoring the email systems, they had an issue restoring two and a half months of email backup.

However, the ICTA has confirmed that a severe data loss incident that affected all government offices using the "gov.lk" email domain has been restored.

This email facility was provided to certain state institutions that do not have their own email facilities through a separate email platform, Perera said.

"The email service was upgraded to the 2013 email platform and continues until 2023. Until now, the email platform was not updated, and it was vulnerable to various types of information security attacks," he said.

"The ICTA attempted to upgrade the service on three occasions, but it was not possible due to financial constraints and issues with the design. Unfortunately, the email server was attacked by ransomware on August 26, and all emails got encrypted. Several online services included email backups were also encrypted," he said.

"We are looking at a legitimate system to restore the encrypted email log.

"Fortunately, we had a two and a half-month old offline email backup, and we restored it with the system. But we have lost the email that we received within a period of two and a half months," Perera said.

The ICTA handed over the case to SLCERT to conduct investigations, and a police complaint was filed over this ransom attack.

Finally, the ICTA has engaged in activities to upgrade the email services. (Chaturanga Pradeep Samarawickrama)