In a shocking cybersecurity incident, hackers have infiltrated the text messaging system of Sri Lanka’s National Water Supply and Drainage Board, seizing control of its communication portal and sending out ransom demands to unsuspecting customers.
The breach was discovered after numerous customers began receiving suspicious SMS messages, reportedly originating from the Board’s own text notification system. The attackers, who now appear to control the messaging gateway, issued a chilling ultimatum: pay one and a half bitcoins or lose access to sensitive data.
Each message included a unique cryptocurrency wallet address and a demand for 1.5 BTC, which, at current market rates, amounts to tens of thousands of U.S. dollars. The hackers claimed responsibility and, in a bizarre twist, instructed recipients not to hold the Water Board accountable. Instead, they blamed the government, asserting that the breach occurred due to its failure to maintain proper digital safeguards.
While the full extent of the data breach is still under investigation, preliminary signs suggest the attackers may have accessed customer information stored within the text messaging system, though it remains unclear whether any critical infrastructure has been compromised.
Authorities are yet to confirm whether customer billing data, water usage records, or personal information has been stolen. However, cybersecurity experts warn that even access to communication channels can be weaponized in phishing campaigns or used to undermine public trust in government services.
As of now, officials from the Water Board have not issued a formal statement on the attack, nor have they confirmed whether they intend to comply with the ransom demand. Meanwhile, government IT and cyber response units are believed to be working urgently to regain control of the compromised system and prevent further misuse.
This incident serves as a grim reminder of the increasing threat posed by ransomware attacks on public utilities. Cybersecurity professionals stress the urgent need for tighter encryption, multi-factor authentication, and proactive monitoring of critical communication platforms, especially those linked to essential services.
With digital threats evolving rapidly, public institutions in Sri Lanka may now face growing pressure to fortify their defenses against what has become a global epidemic of cyber extortion.
