{"id":651119,"date":"2026-06-02T15:00:18","date_gmt":"2026-06-02T13:00:18","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=651119"},"modified":"2026-06-02T15:07:16","modified_gmt":"2026-06-02T13:07:16","slug":"sabs-executives-in-trouble-after-a-crippling-cyberattack","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/651119-sabs-executives-in-trouble-after-a-crippling-cyberattack.html","title":{"rendered":"SABS executives in trouble after a crippling cyberattack"},"content":{"rendered":"\n<p>The Department of Trade has taken disciplinary action against two executives for failing to implement cybersecurity recommendations at the South African Bureau of Standards (SABS) in 2022.<\/p>\n\n\n\n<p>As a result, the SABS systems were left vulnerable and ultimately suffered a cyberattack in November 2024.<\/p>\n\n\n\n<p>The department recently provided Parliament with an update on the steps taken in response to the incident.<\/p>\n\n\n\n<p>Private firm TSU Protective Services was contracted to investigate and found that the relevant SABS executives should be held accountable.<\/p>\n\n\n\n<p>Its investigation found they had failed to implement recommendations from the Auditor-General of South Africa and the State Security Agency from 2022.<\/p>\n\n\n\n<p>&#8220;The board has noted the recommendation, and disciplinary action is being taken against the affected executives,&#8221; the department said.<\/p>\n\n\n\n<p>&#8220;Charges have been proffered on 14 May 2026, and the disciplinary hearing has been scheduled for the first week of June 2026.&#8221;<\/p>\n\n\n\n<p>The department said that, through its disciplinary processes, another employee was served with an official notice of allegations against them regarding the incident.<\/p>\n\n\n\n<p>They responded, and a progressive discipline approach was implemented. 
It added that the suspensions of two other employees were lifted following the outcome of their disciplinary hearings.<\/p>\n\n\n\n<p>The November 2024 hack on the SABS was one of the most severe and disruptive ransomware incidents to hit a South African state-owned entity.<\/p>\n\n\n\n<p>&#8220;On 20 November 2024, the SABS suffered a significant cybersecurity incident involving a ransomware attack,&#8221; the department said in a presentation responding to allegations against the SABS.<\/p>\n\n\n\n<p>&#8220;This attack has had serious implications for the SABS&#8217;s operational capabilities and its ability to deliver essential services.&#8221;<\/p>\n\n\n\n<p>The department said SABS&#8217;s management activated business continuity plans to rebuild virtual machines, which concluded on 29 December 2024.<\/p>\n\n\n\n<p>It said SABS was in the process of rebuilding its virtual machines, which would enable it to reinstall business applications.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">SABS completely locked out of systems<\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><a  data-lightbox=\"post-image\" href=\"https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2026\/06\/SABS-Head-office-Pretoria.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"1600\" height=\"900\" src=\"https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2026\/06\/SABS-Head-office-Pretoria.jpg\" alt=\"\" class=\"wp-image-651125\" srcset=\"https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2026\/06\/SABS-Head-office-Pretoria.jpg 1600w, https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2026\/06\/SABS-Head-office-Pretoria-600x338.jpg 600w, https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2026\/06\/SABS-Head-office-Pretoria-1200x675.jpg 1200w, https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2026\/06\/SABS-Head-office-Pretoria-768x432.jpg 768w, https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2026\/06\/SABS-Head-office-Pretoria-1536x864.jpg 1536w\" 
sizes=\"(max-width: 1600px) 100vw, 1600px\" \/><\/a><figcaption class=\"wp-element-caption\">SABS offices in Pretoria.<\/figcaption><\/figure>\n\n\n\n<p>The cyberattack reportedly impacted the SABS&#8217;s salary systems, which became inaccessible, forcing it to pay November 2024 salaries manually.<\/p>\n\n\n\n<p>At the time, SABS said an investigation had confirmed that its data had been encrypted, affecting its ICT systems. <\/p>\n\n\n\n<p>The Lynx Ransomware Group, which has a reputation as a highly organised outfit with a structured affiliate programme and robust encryption methods, engineered the attack.<\/p>\n\n\n\n<p>By February 2025, SABS and the Department of Trade, Industry, and Competition were still locked out of the affected systems.<\/p>\n\n\n\n<p>Commenting on the news that systems remained encrypted, Democratic Alliance MP Toby Chance said it showed the extent to which the SABS was unprepared for such an incident.<\/p>\n\n\n\n<p>&#8220;The SABS was unprepared for the attack it suffered at the hands of professional cybercriminals, who had clearly targeted it because of a failure to implement cybersecurity,&#8221; he said.<\/p>\n\n\n\n<p>&#8220;Because of a failure to pay a service provider, its financial systems are still not operating, leading to invoices not being issued and a potential loss of income as the organisation battles to retain customers.&#8221;<\/p>\n\n\n\n<p>While the Lynx Ransomware Group demanded a multi-million-rand ransom to decrypt the SABS&#8217;s systems, neither the organisation nor its controlling department has paid any ransom to date.<\/p>\n\n\n\n<p>The department maintained a strict stance against paying ransoms, and the Lynx Ransomware Group refused to decrypt the SABS&#8217;s primary data and backup servers without payment.<\/p>\n\n\n\n<p>The resulting near-total operational paralysis for an extensive period forced SABS to rebuild its digital infrastructure from 
scratch.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Department of Trade, Industry, and Competition says two executives are facing charges over the November 2024 ransomware attack on the South African Bureau of Standards.<\/p>\n","protected":false},"author":341076,"featured_media":651137,"comment_status":"open","ping_status":"closed","sticky":true,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[72252,77448,199,461,105639,24594,30150,104596,23521,104975,105657],"class_list":["post-651119","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-cyberattacks","tag-department-of-trade-industry-and-competition-dtic","tag-hackers","tag-hacking","tag-lynx-ransomware-group","tag-parks-tau","tag-ransomware","tag-ransomware-attacks","tag-south-african-bureau-of-standards-sabs","tag-toby-chance","tag-tsu-protective-services"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/651119"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/341076"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=651119"}],"version-history":[{"count":7,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/651119\/revisions"}],"predecessor-version":[{"id":651497,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/651119\/revisions\/651497"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/651137"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=651119"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categor
ies?post=651119"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=651119"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}