DarkVault Ransomware Attack on Lanka Communication Services

Incident Date: April 11, 2024



Lanka Communication Services (Pvt.) Ltd, Colombo, Sri Lanka

First Reported: April 11, 2024

Ransomware Attack Overview

Victim Profile

Lanka Communication Services (Pvt.) Ltd., commonly known as LankaCom, is a telecommunications company headquartered in Colombo, Sri Lanka. Established in 1991, it operates in the telecommunications services sector and has a workforce of 51-200 employees.

Industry Standing

LankaCom holds a prominent position in Sri Lanka's telecommunications sector, offering a diverse range of telecommunications services. Its services contribute significantly to the connectivity and communication infrastructure of the region.

Incident Summary

DarkVault, a cybercrime group, targeted the organization with ransomware and exfiltrated 1.1 GB of data, which has since been fully disclosed. The ransom deadline of March 22, 2024, has passed, so the situation is deemed critical, with the cyber risk factor rated as very high. The organization must prioritize damage control measures, including breach assessment, risk mitigation, and the reinforcement of cybersecurity protocols to forestall future attacks.

Identified Vulnerabilities

The organization may have attracted threat actors due to its status as a telecommunications provider, holding valuable data and infrastructure. The combination of its moderate size and industry prominence could render it an appealing target for cybercriminals seeking operational disruption or ransom payments.

