What happened to the Sri Lankan Department of Pensions?

The Sri Lankan Department of Pensions, a government agency responsible for managing pension schemes for public sector employees, was hit by a ransomware attack orchestrated by the Cloak Ransomware group. The attack involved data theft and file encryption consistent with modern ransomware operations.

Which ransomware group was responsible for the Sri Lankan pension attack?

The Cloak Ransomware group was responsible for the attack on the Sri Lankan Department of Pensions. This group is known for conducting double extortion attacks where they steal data before encrypting systems.

When was the Sri Lankan Department of Pensions attack discovered and reported?

The breach was first reported to the Sri Lanka Computer Emergency Readiness Team (SLCERT) on April 2, 2025. The situation escalated on May 26, 2025, when the Cloak group revealed the full domain name and uploaded compromised data to their dark web portal.

How much data did the Cloak ransomware group steal from Sri Lankan pensions?

The Cloak Ransomware group uploaded more than 617GB of compromised data for download on their dark web portal. The group initially posted about an unidentified victim using the partial domain 'pe*.lk' before revealing the full scope of the breach.

What types of personal information were exposed in the Sri Lankan pension breach?

The exposed data includes names, addresses, ID copies, bank details, and personal identification information of individuals associated with the Sri Lankan pension system, representing highly sensitive financial and personal data.

How many people were affected by the Sri Lankan Department of Pensions attack?

The number of affected individuals has not been disclosed by the Sri Lankan Department of Pensions or government authorities. Given that this involves a national pension system, the number could potentially be substantial.

What does the Sri Lankan Department of Pensions claim about data loss?

The department claims that no data was lost from their servers and that pension services remained unaffected throughout the incident. However, the ransomware group's ability to upload 617GB of data suggests significant data exfiltration occurred.

What is the significance of this Sri Lankan government ransomware attack?

This attack is significant because it targeted a critical government agency managing pension schemes for public sector employees, exposing sensitive financial and personal data including bank details and identification documents. The 617GB of stolen data represents a major breach of citizen information in Sri Lanka's government systems.

Incident

Sri Lankan Pensions Department hit by ransomware attack, 617GB of data exposed

Q: Who is investigating the Sri Lankan pension ransomware attack?

SLCERT (Sri Lanka Computer Emergency Readiness Team) and the Computer Crimes Investigation Division are investigating the security vulnerabilities that enabled the attack on the Department of Pensions.

published: June 1, 2025

Learn More

The Sri Lanka Department of Pensions, a government agency responsible for managing pension schemes for public sector employees, was hit by ransomware attack orchestrated by the Cloak Ransomware group.

The breach was first reported to the Sri Lanka Computer Emergency Readiness Team (SLCERT) on April 2, 2025. The attack followed a pattern consistent with modern ransomware operations, where hackers stole data and encrypted the compromised files.

The Cloak Ransomware group posted about an unidentified victim using the partial domain "pe*.lk" on dark web forums. The situation escalated on May 26, 2025 when the group revealed the full domain name and uploaded more than 617GB of compromised data for download on their dark web portal.

The exposed data includes

Names
Addresses
ID copies
Bank details
Personal identification information

The number of affected individuals has not been disclosed.

The department claims that no data was lost from their servers and that pension services remained unaffected throughout the incident.

SLCERT and the Computer Crimes Investigation Division are investigating the security vulnerabilities that enabled the attack. As a precautionary measure, the department has sent warning messages to registered pensioners, strictly advising them not to share One-Time Passwords (OTPs) or sensitive financial information with third parties,

Sri Lankan Pensions Department hit by ransomware attack, 617GB of data exposed

Read More
Hyundai Motor Europe hit by ransomware attack
Pakistani hackers claim to have breached multiple Indian …
French Ministry of Education Data Breach Exposes 243,000 …
British Ministry of Defence confirms data leak exposing …
RansomEXX publishes Digicel Group data dump