The South African Justice Department has disclosed a ransomware attack in September 2021, according to Bloomberg. This represents the second successful cyberattack on a South African state institution in the last two months.
The breach occurred on September 6 and it left all of the department’s information systems encrypted and unavailable. All electronic services provided by the department were affected—including email, the departmental website, the issuing of letters of authority and bail services.
According to the South African politician, Glynnis Breytenbach: “The justice system is utterly reliant on a functioning IT system and with the COVID-19 lockdowns already significantly slowing down the wheels of justice, the country simply cannot afford this further vulnerability.”
Looking into the ramifications for the attack for Digital Journal is James Carder, Chief Security Officer and Vice President of LogRhythm.
Carder notes that governmental bodies are in the target for many malicious actors, partly due to the rich stream of personal data that can be extracted. Here Carder notes: “Unfortunately, federal governments are a hot target for cybercriminals hoping to steal valuable information and hold for a high ransom.”
He expands on the attack motivation: “This is partly due to the amount of extremely sensitive information held in their databases, the fact that government agencies notoriously do not invest enough in cybersecurity protections, their access to large sums of money, as well as the significant ramifications that come along with having to shut down government agencies or services.”
In terms of the implications of the attack, Carder summarizes: “Government shutdowns are extremely impactful and may be more of a reason for victims to pay ransom put up by these criminals.”
So what are state institutions to do? Carder recommends: “In order for governments to properly prepare and prevent these attacks, and ensure continued support of their citizens, they must leverage dependable security monitoring solutions to gain full visibility into these environments.”
His advice extends further with: “Additionally, organizations must prioritize educational training, prepare a response plan, create backups, limit privileged access, patch aggressively and consider cyber insurance. More importantly, it is essential that cybersecurity is properly funded and government agencies invest in security and protection to make this protocol possible.”