Sri Lanka
LKRansomware victim intelligence profile ยท Ranked #73 globally ยท Updated: May 28, 2026
Ransomware Threat Profile: Sri Lanka
Sri Lanka ranks #73 globally for ransomware attacks, with 13 confirmed victims in this database โ representing 0.1% of the worldwide total. The most active ransomware groups targeting Sri Lanka include Payload, Cloak, Worldleaks.
The most frequently targeted industries in Sri Lanka are Business Services, Agriculture and Food Production, Public Sector. Manufacturing organisations are attractive targets because production downtime directly impacts revenue, creating strong incentives to restore operations by paying the ransom.
Sri Lanka's attack volume reflects broader trends in ransomware targeting: the volume of attacks reflects the country's integration into the global economy and the proliferation of ransomware operations that target organisations of all sizes worldwide.
Organisations in Sri Lanka should consider the active threat groups documented here when assessing their cybersecurity posture, implementing detection rules, and prioritising incident response planning.
Recent Victims in Sri Lanka (13 cached of 13 total)
| # | Organization | Group | Sector | Date |
|---|---|---|---|---|
| 1 | Ceywater Consultants | Worldleaks | Business Services | May 1, 2026 |
| 2 | Marino Food Products Pvt | Payload | Agriculture and Food Production | Apr 16, 2026 |
| 3 | NKAR Travels & Tours | Payload | Hospitality and Tourism | Mar 30, 2026 |
| 4 | MASHOLDINGS.COM | Clop | Manufacturing | Nov 21, 2025 |
| 5 | Provincial Department of Health Services Sri Lanka | Kryptos | Public Sector | Nov 6, 2025 |
| 6 | www.midcity.lk | Yurei | Agriculture and Food Production | Sep 5, 2025 |
| 7 | Pensions.gov.lk | Cloak | Public Sector | Jun 27, 2025 |
| 8 | VS One Technology | Nova | Technology | May 27, 2025 |
| 9 | Pe*************.lk | Cloak | โ | Apr 18, 2025 |
| 10 | Cargills Bank | Hunters | Financial Services | Mar 20, 2025 |
| 11 | Richardson | Qilin | Business Services | Jan 19, 2025 |
| 12 | PeoplesHR | Meow | Technology | Aug 2, 2024 |
| 13 | lankacom.net | Darkvault | Business Services | Apr 11, 2024 |
Frequently Asked Questions
How many ransomware attacks have occurred in Sri Lanka?
Sri Lanka has recorded 13 ransomware victim disclosures in this database, ranking #73 globally. This represents 0.1% of all tracked ransomware attacks worldwide.
Which ransomware groups target Sri Lanka?
The ransomware groups most active in Sri Lanka are Payload, Cloak, Worldleaks, Clop. These groups collectively account for the majority of victim disclosures attributed to Sri Lanka.
Which industries are most targeted by ransomware in Sri Lanka?
In Sri Lanka, the most frequently targeted sectors are Business Services, Agriculture and Food Production, Public Sector. These industries hold valuable data and often have critical operational requirements that make them attractive ransomware targets.
How does Sri Lanka rank globally for ransomware attacks?
Sri Lanka ranks #73 globally for ransomware attacks with 13 victim disclosures, representing 0.1% of the worldwide total of 18,180 tracked victims.
How can organisations in Sri Lanka protect against ransomware?
Organisations in Sri Lanka should implement a layered security approach including regular offline backups, network segmentation, multi-factor authentication, endpoint detection and response (EDR) tools, and employee security awareness training. Monitoring threat intelligence feeds for active groups targeting Sri Lanka is also recommended.