Department of Justice hack — all backups gone and R33 million ransom demanded
The hackers that attacked the Department of Justice and Constitutional Development’s (DOJ&CD) systems earlier this month managed to encrypt all of its backups and have demanded a 50 bitcoin (R33,234,450) ransom.
MyBroadband received information from an IT company that the DOJ&CD brought in to consult on recovering control of the compromised systems.
According to the source, the attack resulted in the encryption of “everything, including the backups”, which they could not recover.
The consulting IT company advised the Department of Justice to pay the ransom and budget for a cloud backup system.
Based on their initial investigation, the company believes the attackers may have entered the system as early as April this year.
The attack occurred on 6 September and disrupted all of the department’s electronic services, including bail services, letters of authority, email, and its website.
The department issued a statement later that same week confirming the attack.
“Our IT teams are working tirelessly to restore services as soon as is practically possible,” the department said.
The department temporarily adopted manual recording equipment to facilitate scheduled court proceedings.
“The Department’s IT experts are working together with state agencies to investigate and resolve the problem. So far, no indication of data compromise has been detected,” the department’s statement said.
The attack occurred nearly a year after the DoppelPaymer ransomware gang claimed responsibility for hacking the Office of the Chief Justice’s systems.
MEDIA STATEMENT
17 September 2021
UPDATE ON PROGRESS IN RESTORING JUSTICE SERVICES FOLLOWING RANSOMWARE ATTACK https://t.co/ygBxZvI44I pic.twitter.com/3aJxmoSuWD
— The DoJ & CD (@DOJCD_ZA) September 17, 2021
In a statement issued on Friday, the DOJ&CD said that it had recovered some functionality of its system for child maintenance payments, MojaPay.
It said that it made payments on 15 September 2021, and it expected the money to reflect in beneficiary accounts this past weekend.
“The Master’s Offices around the country continue to, as [an] interim measure, use [a] manual process to provide bereaved families, in exceptional cases, where there is a need to access funds from the deceased’s banking account for burial costs,” it said.
“However, no manual letters of executorship or authority will be issued during this crisis period.”
The Department of Justice did not respond to multiple requests for comment on whether its backups were encrypted and how much money the attackers demanded.
Update: Following the publication of this article, the DOJ&CD denied that it had received any ransom demand at all. This contradicts its statement on 9 September that it was the victim of a ransomware attack.
MyBroadband has asked the DOJ&CD for more information about the nature of the attack against its IT system, and the department promised to provide further feedback.
Update 2: “We based the wording on the family of malware that was discussed in our environment. There doesn’t need to be a ransom demand for the classification to be made.”
The @DOJCD_ZA would like to place it on the record that it has not received any ransom demand following the ransomware attack as suggested by an article on https://t.co/Aj9PxHsFj9 published on 20 Sept 2021. The Mybroadband article to this effect is completely untrue https://t.co/M5Jy6iJ2MH
— Ministry of Justice and Correctional Services 🇿🇦 (@Min_JCS) September 20, 2021