Ongoing attack on justice department’s IT system cyber warfare’ assault ‘
Hackers who targeted the justice department’s IT systems have stolen personal details, believed to belong to staff and ordinary citizens, in an apparently highly sophisticated ransomware cyber attack.
While the department confirmed this month’s attack was a ransomware assault, it denied media reports that its backup computer servers and the data that was stored on the systems had been encrypted and was being held for a R33m ransom.
On Monday Mybroadband reported that the hackers had demanded R33m in bitcoin for the database to be decrypted.
The attack affected magistrate’s and high courts across the country, as well as the payments of thousands of maintenance orders.
The assault, which IT forensic expert Jacques van Heerden described as a cyber warfare attack, comes after African Bank on Wednesday confirmed personal data, including that of a number of the bank ’ s loan customers under debt review, was compromised after a cyber attack on debt collector Debt-in.
Though the Debt-in attack occurred in April, it was only discovered last week, said the bank’s chief risk officer, Piet Swanepoel.
He said they had notified “the relevant regulatory authorities and are alerting customers who have been affected”.
Last month hackers launched a major cyber attack on Transnet, bringing its port operations to a grinding halt for a week.
A source with knowledge of police investigations said ransomware had been installed on the department’s IT servers, and that the backups had been affected.
“Entire systems have been affected. It’s not just affecting the courts, but other government departments and agencies linked to the department.”
He said a high-level intergovernmental agency investigation led by crime intelligence, the Hawks and state security agency was underway.
“Investigators are looking at whether there are any links between the Transnet assault and the justice department attack. No one has been able to identify how or when the attack was launched.”
In response to questions from reporters, director-general advocate Doctor Mashabane said reports that a R33m ransom was demanded for the decryption of the IT servers were “inaccurate”.
“The department has not received any ransom demand since the breach. The department is now rebuilding its backup infrastructure, and so far has not experienced any encryption in this regard.”