
Justice department battles to contain ransomware attack

By Admire Moyo, ITWeb's news editor.
Johannesburg, 10 Sept 2021

The Department of Justice and Constitutional Development says it is working with state agencies to investigate a ransomware attack on its IT systems.

According to the department, its IT systems were compromised following a security breach on Tuesday evening.

“This has led to all information systems being encrypted and unavailable to internal employees, as well as members of the public. As a result, all electronic services provided by the department are affected, including the issuing of letters of authority, bail services, e-mail and the departmental website.”

At the time of writing, the department’s website was not accessible.

“Child maintenance payments for month-end have already been processed and will, therefore, not be impacted by the current system outage,” the department says.

It adds that so far, no data has been compromised and it assures the public that its IT teams are working to restore electronic services.

“The department has activated its business continuity plan and put contingency measures in place to ensure the IT system challenges do not affect court operations around the country. Manual recording equipment will be used to ensure court sittings continue as scheduled.

“The office of the chief master is currently using a manual process to provide bereaved families with the necessary documentation that they need to bury their loved ones.”

Soft targets

ITWeb reported yesterday that South African government entities are increasingly falling victim to cyber attacks, after the South African National Space Agency (SANSA) became the latest government entity to suffer such an incident.

In a statement, SANSA said on 6 September, it was notified of a possible breach of its IT systems.

Another state-owned company, Transnet, revealed in July that it had suffered a “disruption” of its IT systems, in what is widely believed to be a ransomware attack. It saw the rail, port and pipeline company’s operations coming to a standstill.

ITWeb also reported yesterday that the Department of Justice and Constitutional Development had informed the public that it was experiencing challenges with its IT system, which affected services at all offices and courts around the country. However, at the time, the department had not disclosed if it had suffered a cyber attack.

According to data protection solutions provider Commvault, ransomware attacks continue to rise, and are expensive. It notes that, on average, restoring the data costs 10 times the ransom payment.

The firm says 70% of ransomware attacks include a threat to leak exfiltrated data, and firms that have been attacked experience about 21 days of downtime afterwards.

“The hard costs of ransomware are astronomical; most companies are not prepared to respond to an attack, and even less are planning ahead of time,” says Commvault.

As more South African government entities continue to be hit by cyber attacks, Stephen Kreusch, cyber security director at information security firm Performanta, says the SANSA and Transnet cyber security incidents are fundamentally different in nature.

“Transnet was a ransomware attack that locked the SOE [state-owned enterprise] out of its own systems, and the attackers tried to extort payment from Transnet. SANSA was less a ‘breach’ and more a case of SANSA inadvertently making data available to the public via their FTP server.

“Anyone could log in as an ‘anonymous’ user and download the data, and the data was mostly already public information, although there was reportedly a small amount of confidential data intermingled with the public data.

“SOEs may be perceived as ‘softer’ targets given that they typically do not invest as much in securing their systems as similarly-sized commercial organisations.”

Kreusch urges government entities to implement the fundamental security controls, like patching vulnerabilities in systems, ensuring they have effective endpoint protection systems in place, and restricting and managing privileged accounts so that when their systems are compromised, it is much more difficult for an attacker to spread widely through the environment and impact so many systems.

“Security teams within SOEs know this, but they need the CIO and exco or board-level support (financial, approval of resources to secure systems in the face of competing IT priorities, etc) to deploy and maintain security controls,” he concludes.