An anonymous Gauteng lawyer has told Rapport that “millions of pieces of personal information” were leaked in the recent ransomware attack suffered by the Department of Justice and Constitutional Development.
“The Master of the High Court’s files contain bank details and secure access to guardian’s funds’ sensitive beneficiaries,” said the lawyer.
This data could easily be sold on the dark web, the lawyer added.
Department spokesperson Steve Mahlangu confirmed that the attack had “caused our systems to be encrypted and unavailable to employees and the public.”
However, Mahlangu argued that there is “no indication that data have been compromised.”
Security industry veteran Anna Collard strongly doubts Mahlangu’s statement.
“Ransomware criminals encrypt your data and, if you do not pay the ransom, the next step is to release your data on the dark web or sell it to a third party,” Collard explained to City Press.
“The department’s data must be in danger.”
According to Rapport, the State IT Agency’s (Sita) protective barrier to the Department of Justice’s servers was affected.
Sita head of communications Tlali Tlali said their network has not been invaded by the cyberattack in any way.
“SITA is responsible for providing services to government departments. However, there are areas where SITA is not involved,” said Tlali.
“We conducted a full investigation into the wellbeing of our environment on Tuesday and found no breaks or abnormalities on our network.”
The ransomware attack occurred on the evening of 6 September and caused all of the justice department’s information systems to be encrypted and rendered unavailable — both internally and to the public.
This includes all electronic services provided by the department, including bail services, email, letters of authority, and bail services.
“Child Maintenance payments for month-end have already been processed and will therefore not be impacted by the current system outage,” said the department.
The attack forced courts to use manual recording equipment so that cases could continue as scheduled, and a manual process was also used to provide the families of deceased individuals with the appropriate documentation to conduct burials.
Interestingly, this attack occurred almost a year after a ransomware attack was conducted on the systems of the Office of the Chief Justice. Ransomware gang DoppelPaymer claimed responsibility at the time.
It is unclear at this point if these attacks are related.
Website outages unrelated
Tlali shut down speculation that widespread government website outages were related to this ransomware attack.
Tlali said that the website outages were due to infrastructure-related issues.
“Some of our customers did not have Internet services because underground internet cables were damaged on Friday morning,” explained Tlali.
Websites that were affected by this issue include:
- South African government – http://www.gov.za
- South African Police Services – https://www.saps.gov.za/
- City of Tshwane – https://www.tshwane.gov.za
- Department of Communications and Digital Technologies – https://www.dtps.gov.za/
- Department of Environmental Affairs – http://www.environment.gov.za/
- Department of Education – http://www.education.gov.za/
- Department of Home Affairs – http://dha.gov.za/
- Department of Science and Innovation – http://www.dst.gov.za/
- Department of Transport – http://www.transport.gov.za/
- Government Communication and Information Systems – https://gcis.gov.za/
- SA News – https://www.sanews.gov.za/
Tlali confirmed that these websites were back online by the end of Friday.