It is already clear that SA’s law enforcers, the police, are not fit for purpose, but now the courts themselves are falling apart. Cybercriminals have infiltrated and paralysed the SA court’s network systems, raising fears that the banking details of people and businesses dealing with the courts have been compromised, and may be made public. There have also been widespread outages from many of the government’s websites, after underground internet cables were damaged on Friday. At the same time, the Potgietersrus Magistrate’s Court and detective branch have been without power for four days, after the Mogalakwena local municipality cut off the power due to non-payment.
The ransomware attack forced courts to use manual recording equipment so that cases could proceed as scheduled, and a handwritten process was also used to provide the families of deceased individuals with the necessary documentation, to conduct funerals. Meanwhile, all cases at the Potgietersrus Magistrate’s Court are being postponed and the detective branch cannot do its investigative work properly.
The ransomware attack took place on the evening of September 6 and caused all the information systems of the Department of Justice to be encrypted. This includes all electronic services provided by the department, including bail services, e-mail, letters of authorization, etc.
An anonymous lawyer in Gauteng has revealed to Rapport that “millions of pieces of personal information” were leaked in the recent “ransomware” attack on the Department of Justice and Constitutional Development’s network.
“The files of the master of the Supreme Court contain bank details and secure access to the sensitive beneficiaries of guardians’ funds,” the lawyer revealed. This data can be easily sold on the dark web, the lawyer added.
Steve Mahlangu, a spokesman for the department, confirmed that the attack “caused our systems to be encrypted and be unavailable to employees or the public.”
However, Mahlangu claimed that there was “no indication that data was compromised“, but security industry veteran Anna Collard strongly doubts Mahlangu’s statement.
“Ransomware criminals encrypt your data, and if you do not pay the ransom, the next step is to disclose the data on the dark web or sell it to a third party,” Collard explained. “The department’s data is therefore at risk.” The sale or disclosure of the data is one of the main methods used by criminals to extort the ransom.
According to Rapport, the State IT Agency’s (SITA) protection barrier (firewall) for the servers of the Department of Justice has been affected. SITA’s communications chief, Tlali Tlali, said SITA’s own network had not been compromised in any way by the cyber attack.
“SITA is responsible for providing services to government departments. However, there are areas where SITA is not involved. On Tuesday, we conducted a full investigation into the well-being of our network and found no interruptions or deviations on our network,” Tlali claimed.
This attack comes almost a year after a ransomware attack on the systems of the Chief Justice’s office. The ransomware gang DoppelPaymer accepted responsibility at the time but it is unclear whether these attacks are related.
Tlali also denied speculation that widespread disruptions to government websites were linked to this ransomware attack, saying the disruptions to the sites were due to infrastructure-related problems. “Some of our customers do not have internet services because underground internet cables were damaged on Friday morning,” Tlali explained.
Government websites affected by widespread disruptions include:
South African Government – www.gov.za
South African Police Services – www.saps.gov.za
Tshwane Metro – www.tshwane.gov.za
Department of Communication and Digital Technology – www.dtps.gov.za
Department of Environmental Affairs – www.environment.gov.za
Department of Education – www.education.gov.za
Department of Home Affairs – www.dha.gov.za
Department of Science and Innovation – www.dst.gov.za
Department of Transport – www.transport.gov.za
Government communication and information systems – gcis.gov.za
SA News – www.sanews.gov.za
In Potgietersrus, the FF-Plus wrote an urgent letter to the acting municipal manager of the municipality, Hendrik Ngoepe, to temporarily restore the power supply to the entities in anticipation of payment, ”said Marcelle Maritz, provincial leader of the FF Plus, who indicated he would take up the issue with the national leadership without delay.
“The FF Plus cannot watch the functions of these two entities, which are extremely essential in the fight against crime, be stopped by the negligence of the national department of public works responsible for the payment of the power bills.”