South Africa's department of justice faced a massive ransomware attack earlier this month and is reportedly still trying to restore its operations to normal. The attack took place on September 6, 2021, when ransomware encrypted all of the department's information systems. This made all electronic services — including email and the website — unavailable to internal employees and to the public. According to a report by Bleeping Computer, the justice department dealt with the attack by immediately activating a contingency plan. The plan, a measure for dealing with such situations, ensured that the attack did not interrupt all activities in the country.
The ransomware encryption also reportedly affected the disbursal of monthly child maintenance payments to beneficiaries. The activity will be delayed until the systems are fully restored.
The report quoted Steve Mahlangu, spokesperson for the Department of Justice and Constitutional Development, as saying, “[The attack] has led to all information systems being encrypted and unavailable to both internal employees as well as members of the public. As a result, all electronic services provided by the department are affected, including the issuing of letters of authority, bail services, e-mail and the departmental website.”
Mahlangu added that though the exact date when the systems will be restored cannot be estimated, the department will “ensure all child maintenance money is kept secure for payment to the rightful beneficiaries when the systems are back online.”
However, Mahlangu said that certain activities under the department were being continued despite the attack. For instance, court sittings continued after they switched to manual mode for recording hearings. Similarly, manual processes were being followed to issue various legal documents.
The justice department also switched to a new email system, and part of the staff has already migrated to it.
The department hasn't been able to identify the hackers behind this attack. However, given that network restoration is taking a long time, it believes that the hackers did not get paid for the attack.
Usually, hackers and ransomware gangs steal data before encrypting an information system. This forces victims to pay a huge ransom because they fear the information being leaked into the public domain. However, the department's IT experts have found "no indication of data compromise" so far.