The Department of Justice and Constitutional Development has denied allegations that hackers have demanded a ransom of R33 million. Picture: EPA
The Department of Justice and Constitutional Development has denied allegations that hackers have demanded a ransom of R33 million. Picture: EPA

R33m ransom claim denied by justice department after hackers attack ICT system

By Rapula Moatshe Time of article published Sep 23, 2021

Share this article:

Pretoria - The Department of Justice and Constitutional Development has denied allegations that hackers who launched a ransomware attack on its information communication technology (ICT) system two weeks ago have demanded a ransom of R33 million.

This followed a media report suggesting that cyberattackers wanted the department to pay them millions of rand before they would restore its ICT system.

The department has expressed concern that some personal information may have been accessed and sent outside of the organisation, saying it was in the process of establishing the exact nature of data that had been accessed.

Department spokesperson Steven Mahlangu told the Pretoria News that the report about ransom was “inaccurate”, and that MyBroadband, which published the story, agreed to retract it.

Mahlangu said although the ICT breach was “attributed to a family of ransomware”, the department “has not received any ransom demand following the breach, as suggested by an article published on September 20, 2021”.

He said the department was “currently rebuilding its back-up infrastructure, and so far has not experienced any encryption in this regard”.

According to him, further investigation was ongoing to establish the identity of the perpetrators behind the attack.

“The director-general and senior management of the department continue to work around the clock to ensure that this challenge is resolved,” he said.

The Pretoria News was told that the Department of Trade and Industry Competition’s agency, the Companies and Intellectual Property Commission (CIPC) was also under cyberattack.

However, Mahlangu said the information that CIPC was under ransomware attack was not true.

The Pretoria News has seen a notice issued by CIPC commissioner Rory Voller indicating that “CIPC will be closed to the public on Wednesday, September 15, 2021 and Thursday September 16, 2021”.

The affected CIPC offices were in Sunnyside, Arcadia, Joburg, Cape Town and Durban, and were expected to be operational on September 17.

However, the Pretoria News heard yesterday that the CIPC’s electronic system had been “down” for the past two weeks, affecting the entity’s capacity to render services such as registration of companies and amendment of details of existing companies at its offices in Sunnyside. The non-functioning system, it was said, had since opened up a black

market outside the CIPC offices, where some people targeted unsuspecting business people wanting to update their companies’ details by promising to render them CIPC services at the cost of R1 000.

One legal practitioner, who did not want to be identified, said hacking at the department affected the email domain, making it impossible for officials to send or receive emails. “It means anybody who is in the domain of the Justice Department system can’t send email and can’t receive email. The minister cannot receive email on that domain,” the practitioner said.

The practitioner also highlighted the fact that “lawyers throughout South Africa are unable to electronically serve papers to State attorneys”. “It means that courts are more likely to issue default judgments against the State because the State has not been served. Or attempts to serve the State with papers were futile,” said the practitioner.

Mahlangu said since the ICT breach by hackers, the department’s IT team, the selected industry parties and organs of State, had been “working expeditiously to contain the spread of the malware and bringing up services in a safe and secure manner”.

According to him, the department prioritised the payment of maintenance beneficiaries, saying “the processing of these payments was successfully completed on September 16, 2021 and every workday since, with most beneficiaries having received their payments from September 16 to 20”.

To date, more than 30 000 beneficiaries have been paid.

Mahlangu said: “As part of the department’s business continuity plans, manual processes have been put in place to ensure that courts can operate normally, with manual court-recording functionality for court proceedings having been instituted. In the past week, the electronic recording of court proceedings had been restored since September 16 and as such, most courts are operating as normal.”

According to him, Master’s Offices around the country continued to, “as an interim measure, use a manual process to provide (for) bereaved families in exceptional cases where there is a need to access funds from the deceased’s banking account for burial costs”.

“In this regard, the Offices of the Master of the High Court continues to provide the MBU 12 forms to bereaved families in the interim that allow the family members access to the accounts of the deceased for the purpose of acquiring funds to pay for burial costs of the deceased,” Mahlangu said.

CIPC spokesperson Charmaine Motloung said the entity had been under threat from cyberattackers; however, its “ICT technicians were alerted to a possible security compromise and as a result, all CIPC systems were shut down immediately” on September 15 and 16.

She said the systems had since been restored and that shutdown was “a precautionary measure to mitigate any possible damage”.

“The CIPC utilises a state-of-the-art security software and any attempts to penetrate the IT environment were promptly picked up and security protocols kicked in to safeguard the system,” Motloung said.

Pretoria News

Share this article: