Ransomware attack encrypts South African Justice Department, system still being restored
The South African Department of Justice faced a massive ransomware attack earlier this month and it is reportedly still trying to get operations back to normal. The attack took place on September 6, 2021, when the ransomware encrypted all information systems provided by the department. This made all electronic services, including email and the website, inaccessible to internal employees and the public. According to a report from Bleeping Computer, the Justice Department dealt with the attack by immediately activating an emergency plan. The plan was a measure to deal with such situations and ensured that the attack did not disrupt all activities in the country.
The ransomware’s encryption also reportedly affected the payment of monthly child support payments to beneficiaries. Activity will be delayed until the systems are fully restored.
The report quoted Steve Mahlangu, spokesperson for the Department of Justice and Constitutional Development, as saying: “[The attack] led to all information systems being encrypted and inaccessible to internal employees as well as members of the public. As a result, all electronic services provided by the ministry are affected, including issuance of letters of authorization, surety services, email and the ministry website.
Mahlangu added that while the exact date when the systems will be restored cannot be estimated, the department “will ensure that all child support money is kept safe for payment to legitimate beneficiaries when systems will be back online ”.
However, Mahlangu said some activities in the department continued despite the attack. For example, court hearings continued after switching to manual mode for recording hearings. Likewise, manual processes were followed to issue various legal documents.
The Department of Justice has also switched to a new e-mail system. Some of the staff have already migrated to the new messaging system.
The ministry was unable to identify the hackers behind this attack. However, since it takes a long time to restore the network, he believes that the hackers were not paid for the attack.
Usually, hackers and ransomware gangs steal data before encrypting an information system. This forces the victims to pay a huge ransom because they fear information leaking into the public domain. However, IT experts in the department have found “no indication of data compromise” so far.