DarkVault Ransomware Attack on Lanka Communication Services
Incident Date: April 11, 2024
Overview
Victim: Lanka Communication Services (Pvt.) Ltd.
Attacker: DarkVault
Location:
First Reported: April 11, 2024
Ransomware Attack Overview
Victim Profile
Lanka Communication Services (Pvt.) Ltd., commonly known as LankaCom, is a telecommunications company headquartered in Colombo, Sri Lanka. Established in 1991, it operates within the telecommunications services sector and has a moderate-sized workforce of 51-200 employees.
Industry Standing
In the telecommunications sector of Sri Lanka, it holds a prominent position, offering a diverse range of telecommunications services. Its contributions significantly impact the connectivity and communication infrastructure of the region.
Incident Summary
The cybercrime group DarkVault targeted the organization with ransomware and exfiltrated 1.1 GB of data, which has since been fully disclosed. With the ransom deadline of March 22, 2024 having passed, the situation is deemed critical, and the cyber risk factor is rated very high. The organization must prioritize damage control, including breach assessment, risk mitigation, and reinforcement of its cybersecurity protocols to forestall future attacks.
Identified Vulnerabilities
The organization may have attracted threat actors due to its status as a telecommunications provider, holding valuable data and infrastructure. The combination of its moderate size and industry prominence could render it an appealing target for cybercriminals seeking operational disruption or ransom payments.