Security11.10.2023

Justice department wants to fight R5 million fine over ransomware attack in court

The Department of Justice and Constitutional Development (DoJ&CD) is taking the Information Regulator to court to appeal the R5 million fine the agency slapped it with after falling prey to a ransomware attack in 2021, TechCentral reports. (Pictured: Pansy Tlakula, Information Regulator chair.)

Departmental spokesperson Steven Mahlangu reportedly said the court application was issued on 29 September 2023 and delivered to the sheriff on 2 October. It is currently awaiting a response.

MyBroadband contacted Mahlangu for confirmation, but despite being quoted in the article, he said he could only comment once he had received confirmation from the director-general.

Repeated attempts to follow up with Mahlangu were met with silence.

The Information Regulator imposed a R5 million fine on the department in July 2023 as an administrative penalty after failing to comply with an enforcement notice issued in May.

Essentially, the regulator found that negligence contributed to the department falling victim to the attack.

The enforcement notice issued in May instructed the department to supply proof that it had renewed its security software licences within 31 days.

The regulator said the attack would likely have been prevented or mitigated if the department had valid security software licences at the time.

It instructed the department to renew its Trend Anti-Virus, Security Incident and Event Monitoring, and Intrusion Detection System licences.

The regulator also ordered that those responsible for the negligence must face disciplinary proceedings.

The notice warned that the department would be guilty of an offence if it failed to carry out the regulator’s instructions and would face a fine of up to R10 million.

However, the Department of Justice and Constitutional Development didn’t respond to the enforcement notice, leading the regulator to conclude it had not implemented the enforced remedial actions.

“The thirty-one days given to the department expired on 9 June 2023,” the regulator said.

“To date, the department has not provided the Regulator with a report on implementation of the actions required in the Enforcement Notice or any other communication in that regard.”

Ronald Lamola, Minister of Justice and Correctional Services

The regulator imposed an administrative fine on the department on Monday, 3 July 2023.

“The DoJ&CD has 30 days from 3 July 2023 to pay the administrative fine or make arrangements with the Regulator to pay the administrative fine in instalments or elect to be tried in court on a charge of having committed the alleged offence referred in terms of POPIA,” it said.

South Africa’s justice department fell victim to the ransomware attack on 6 September 2021.

Ransomware attacks often see cybercriminals encrypt valuable files after accessing a victim’s systems.

System files are left intact so the victim can access the machine to see the “ransom note”, often demanding payment in return for a method to decrypt the files.

In a statement released three days later, the department revealed that the attack had affected all its electronic systems, including bail services, email, issuing letters of authority, and the departmental website.

At the time, Mahlangu said there was no evidence that people’s data had been compromised.

However, it was later revealed that the attackers managed to grab 1,204 files.

Following the department’s statement, a source told MyBroadband that the attackers had also encrypted all of the department’s backups and demanded a ransom of 50 bitcoins.

While the department refuted the claim regarding the 50-bitcoin ransom, it didn’t deny the allegation that its backups had also been encrypted.

Its systems started coming back online a month after the attack took place.

In March 2022, it emerged that the DOJ&CD had failed to renew IT contracts in 2021 after internal staff took over control of previously outsourced functions.


Now read: “We need the army” — Fidelity boss after 22 security officers killed

Show comments

Latest news

More news

Trending news

Sign up to the MyBroadband newsletter