Security | 6.10.2021

Department of Justice hack — New details emerge

The Department of Justice and Constitutional Development (DoJ&CD) is struggling to recover its IT systems after suffering a ransomware attack a month ago.

MyBroadband has received information from within South Africa’s legal fraternity that the process of restoring affected systems is still ongoing, with no end date in sight.

The justice department became the latest South African organisation to become a ransomware victim on 6 September 2021, resulting in the encryption of all its IT services.

Last week, a meeting was held between several players collaborating with the Master of the High Court, the Chief Master, several Masters, and representatives of the civil service IT department.

The department remains steadfast in its belief that no data was lost and that systems will be restored from backups — they declined to provide an estimate of how long the process would take.

MyBroadband previously received information from a source indicating that the DoJ&CD’s backups had also been encrypted. The DoJ&CD has disputed the accuracy of this information.

The DoJ&CD suggested that the Master’s Office complete the appointment of liquidators, the selection of executors, and the authorisation of trustees manually until systems are restored.

All manual records must be kept to be captured on the Paperless Estate Administration System (PEAS) and Paperless Estate Administration System for Trusts (PEAST) after data and services are restored.

The Chief Master initially rejected the suggestions, eventually saying he would consult with Masters and provide feedback.

High Court of South Africa, Gauteng Local Division

The department previously indicated that no manual letters of executorship or authority would be issued during this crisis period.

MyBroadband contacted the DoJ&CD for comment, but it had not responded by the time of publication.

The Information Regulator reported last week, and the department later confirmed, that personal details might have been compromised.

According to Doctor Mashabane, director-general advocate for the department, at least 1,200 files—which contain the names, banking details and contact details of the department’s clients—may have been compromised.

In addition, the Information Regulator said the following personal information may have been compromised:

  • Names, addresses, identity numbers, and phone numbers of information officers
  • Names, residential addresses, identity numbers, phone numbers, qualifications, bank accounts, and salaries of employees
  • Names, addresses, and bank details of the service providers

Doctor Mashabane, Director-General Advocate for the Department of Justice and Constitutional Development.

The DoJ&CD released a statement on 9 September 2021 informing the public of the attack, which disrupted all of the department’s electronic services, including bail services, letters of authority, email, and website.

“Our IT teams are working tirelessly to restore services as soon as is practically possible,” the department said.

“The Department’s IT experts are working together with state agencies to investigate and resolve the problem. So far, no indication of data compromise has been detected.”

“The Department apologises for any inconvenience this may cause to the public.”

While the department suffered a ransomware attack, the DoJ&CD advised that as of 20 September 2021 no demand for money had been made.

This is in line with ransomware strains such as Hello Kitty and Death Kitty, where the attackers leave a link to a dark web chat service. The ransom demand is then made only once the victim makes contact.

However, a source has told MyBroadband that a ransom has been set and that the attackers have asked for 50 bitcoin — around R33 million.

The DoJ&CD has disputed this and maintained that it has received no ransom demand.

Example of ransomware note without specific amount demanded, pointing victim to a dark web chat service.

The attack knocked several critical systems offline and has crippled South Africa’s courts. Services impacted include:

  • E-mail
  • Bail services
  • Payment of child maintenance
  • No way to correspond with magistrates or judges — no one can file court papers
  • Recording and transcription of court proceedings offline
  • Master’s offices

Several cases in South Africa’s lower courts were postponed due to the outage, and the court system remains disrupted as the DoJ&CD works to restore its IT systems.

On 17 September, the department said it had recovered some functionality of its system for child maintenance payments, MojaPay.

The Master’s Offices around South Africa have been forced to revert to manual systems, also causing severe disruptions with the following services impacted:

  • Deceased estates — including issuing letters of executorship and urgent payments out of frozen bank accounts
  • Curatorships
  • Orphans whose affairs are being managed by the state

Democratic Alliance MP and former prosecutor Glynnis Breytenbach has said that the disruption to the Master’s Offices is a significant concern.

“They are no longer geared to operate manually. They don’t have the staff,” she stated.

“We need to get these systems back up and running. The Master’s office is so dysfunctional this is going to be the last straw,” she said.

