Heimdal Security Blog

South Africa Ransomware Attacks Go On with One More Hit: the Whole Network of the Department of Justice Affected

On the 6th of September, South Africa’s Department of Justice was hit by a ransomware attack that targeted its network and encrypted all of its systems, leaving electronic services unavailable both internally and to the public.

The Ransomware Attack: Its Effects

In relation to what happened, South Africa’s Department of Justice and Constitutional Development declared in a media advisory that:

This has led to all information systems being encrypted and unavailable to both internal employees as well as members of the public. As a result, all electronic services provided by the Department are affected, including, issuing of letters of authority, bail services, email, and the departmental website.

Source

Child maintenance payments, which are normally made on a monthly basis, were delayed until the systems are restored.

On this point, Steve Mahlangu, a Department of Justice spokesperson, commented that:

While the department is not able to determine the exact date when the required systems will be restored, it will ensure all child maintenance money is kept secure for payment to the rightful beneficiaries when the systems are back online.

Source

However, according to the same spokesperson’s statements last week, no signs of data compromise were detected.

What Measures Have Been Taken

According to BleepingComputer, the Department of Justice and Constitutional Development began implementing some measures as a result of the cyberattack. Thus:

The authors of this cyberattack have not yet been confirmed, and the department has not yet shared a clear statement on the date from which things will work as usual.

It’s interesting to mention that this ransomware cyberattack followed another one targeting SANSA (the South African National Space Agency), adding to South Africa’s ransomware attacks. In relation to this, it was reported back then that private records of past SANSA students were identified on a public FTP server. The leak was accidental, and the data is no longer available on that public group’s website.