Ransomware attack encrypts South African Ministry of Justice, system is still being restored
The South African Justice Department faced a massive ransomware attack earlier this month and is reportedly still trying to get its operations back to normal. The attack took place on September 6, 2021 when ransomware encrypted all information systems provided by the department. As a result, all electronic services – including e-mail and the website – were not available to internal staff and the public. According to a report by Bleeping Computer, the judiciary responded to the attack by immediately activating an emergency plan. The plan was a measure to deal with such situations and ensure that the attack did not disrupt all activity in the country.
The ransomware encryption also reportedly affected the payment of monthly child support payments to beneficiaries. Activity is delayed until the systems are fully restored.
The report quoted Steve Mahlangu, spokesman for the Department of Justice and Constitutional Development, as saying: “[The attack] has resulted in all information systems being encrypted and unavailable to both internal employees and the public. This affects all electronic services of the department, including the issuing of powers of attorney, deposit payments, e-mail and the department website. “
Mahlangu added that while the exact date the systems will be restored cannot be estimated, the department “will ensure that all child support is secured for payment to the rightful beneficiaries when the systems are back online” .
However, Mahlangu said certain activities by the department continued despite the attack. For example, court sessions continued after switching to manual mode to record hearings. Manual processes were also followed to issue various legal documents.
The judiciary has also switched to a new e-mail system. Some of the employees have already switched to the new e-mail system.
The department could not identify the hackers behind this attack. However, because it takes a long time to restore the network, the hackers assume that the hackers were not paid to perform the attack.
Typically, hackers and ransomware gangs steal data before encrypting an information system. This forces victims to pay a large amount of ransom as they fear that information will leak to the public. However, the department’s IT experts have so far found “no evidence of data compromise”.