SRI LANKA'S PENSIONS DEPARTMENT HIT BY CLOAK RANSOMWARE, 617GB OF DATA ALLEGEDLY LEAKED

The Pensions Department of Sri Lanka has reportedly been targeted by the Cloak ransomware group, according to cybersecurity monitoring platform FalconFeeds.io.

While the Pensions Department has issued a statement claiming no data loss or disruption to services following a cyber-attack in early April, FalconFeeds.io has provided further details.

According to posts on FalconFeeds.io's official X (formerly Twitter) account, the Sri Lankan Pensions Department was subjected to unauthorised access on April 2 and again on May 26. The platform alleges that during the May 26th intrusion, 617 gigabytes (GB) of data belonging to the Pensions Department's data file were released onto the dark web.

The group responsible for this unauthorised access has been identified as Cloak ransomware, known for encrypting sensitive data and extorting victims by demanding ransom payments for decryption keys and for not disclosing stolen information.

FalconFeeds.io, a SaaS platform specialising in cyber threat intelligence, continuously monitors global threat actors and provides insights into the latest cybersecurity incidents 24 hours a day.

It remains unconfirmed whether any data from the Pensions Department has been compromised or if a ransom demand has been made. However, the Pensions Department's earlier statement claimed that its IT systems were being restored with no data loss or service disruption.

Sri Lanka Computer Emergency Readiness Team (SLCERT) is reportedly investigating the incident.