The Department of Justice and Constitutional Development of South Africa admitted that its IT systems and operations were disrupted in a ransomware attack. The security incident encrypted all the information systems, making their services unavailable to employees and the public. All of the department’s electronic services, including bail services, email, and websites, went offline, forcing authorities to fall back on manual operations.
Cybercriminals often spread ransomware via phishing emails that contain Trojans or other malware, infecting the targeted systems and encrypting critical files.
“The Department would want to assure all affected parties that our IT teams are working tirelessly to restore services as soon as is practically possible. Child Maintenance payments for month-end have already been processed and will therefore not be impacted by the current system outage,” the department said in a statement.
No Sign of Data Misuse
While the threat actors behind the ransomware attack are unknown, the department’s security experts are working together with state agencies to investigate the cyberattack. “The Department has activated its Business Continuity Plan and put contingency measures in place to ensure that the IT system challenges do not affect court operations around the country. Manual recording equipment will be used to ensure that court seating continues as scheduled,” the statement added.
This is not the first time South Africa has sustained a cyberattack. Earlier, a survey revealed that businesses in South Africa suffered various network attacks between March 15 and March 21, 2020, affecting 310,000 devices in one week.
Why Hackers Target Govt. Bodies
Ransomware attacks on government agencies have increased in recent times. From the U.S. Colonial Pipeline to the Indian energy sector, several cyberattacks by various cybercriminal groups have been reported lately, since critical infrastructure in any country is operated under government departments. Threat actors deliberately target government agencies to cause maximum damage and demand high ransoms, expecting public agencies to pay in order to continue their critical operations. For instance, Colonial Pipeline reportedly paid a $4.4 million ransom to cybercriminals to restore the paralyzed operations and avoid trouble for citizens.