Ransomware encrypts South Africa’s entire Dept of Justice network
Latest in cybersecurity.
The justice ministry of the South African government is working on restoring its operations after a recent ransomware attack encrypted all its systems, making all electronic services unavailable both internally and to the public.
As a consequence of the attack, the Department of Justice and Constitutional Development said that child maintenance payments are now on hold until systems are back online.
All services affected
The incident happened on September 6 and the department activated the contingency plan for such events to ensure the continuation of some activity in the country.
“[The attack] has led to all information systems being encrypted and unavailable to both internal employees as well as members of the public. As a result, all electronic services provided by the department are affected, including the issuing of letters of authority, bail services, e-mail and the departmental website” – Steve Mahlangu, spokesperson for the Department of Justice and Constitutional Development
Last week, Mahlangu said that court sittings continued after a switch into manual mode for recording the hearings. A manual process has also been adopted for issuing various legal documents.
However, the ransomware attack impacted monthly child maintenance payments, which have been delayed until the systems are restored.
“While the department is not able to determine the exact date when the required systems will be restored, it will ensure all child maintenance money is kept secure for payment to the rightful beneficiaries when the systems are back online” – Steve Mahlangu
The department is still in the process of returning to regular operations but it is cannot say when the activity will become normal again.
Part of this effort was setting up a new email system, to which some staff has already migrated. Coupled with the long time needed for network restoration, this is a sign that the hackers did not get paid.
It is unclear who is behind this attack. Many ransomware gangs also steal data before encrypting it, to force the victim into paying the ransom under the pressure of a public leak.
Mahlangu said last week that the Department’s IT experts have found “no indication of data compromise.” Until now, the attack has not been claimed by any of the gangs with a data leak site.
via BleepingComputer https://ift.tt/2fDDDRH
September 15, 2021 at 12:39PM