Encryption Security

Ransomware Encrypts South Africa's Entire Department of Justice Network (bleepingcomputer.com) 59

The justice ministry of the South African government is working on restoring its operations after a recent ransomware attack encrypted all its systems, making all electronic services unavailable both internally and to the public. As a consequence of the attack, the Department of Justice and Constitutional Development said that child maintenance payments are now on hold until systems are back online. BleepingComputer reports: The incident happened on September 6 and the department activated the contingency plan for such events to ensure the continuation of some activity in the country. Last week, [Steve Mahlangu, spokesperson for the Department of Justice and Constitutional Development] said that court sittings continued after a switch into manual mode for recording the hearings. A manual process has also been adopted for issuing various legal documents. However, the ransomware attack impacted monthly child maintenance payments, which have been delayed until the systems are restored.

The department is still in the process of returning to regular operations but it cannot say when the activity will become normal again. Part of this effort was setting up a new email system, to which some staff has already migrated. Coupled with the long time needed for network restoration, this is a sign that the hackers did not get paid. It is unclear who is behind this attack. Many ransomware gangs also steal data before encrypting it, to force the victim into paying the ransom under the pressure of a public leak. Mahlangu said last week that the Department's IT experts have found "no indication of data compromise." Until now, the attack has not been claimed by any of the gangs with a data leak site.

  • by Rosco P. Coltrane ( 209368 ) on Thursday September 16, 2021 @05:08AM (#61800727)

    because the justice department wasn't online back then. And also, there was no justice.

    • by Viol8 ( 599362 ) on Thursday September 16, 2021 @07:23AM (#61800893) Homepage

      If you think successive ANC governments have been any better then you're deluded. All that happened is privilege has moved from a small white clique to a small black clique and general corruption is far worse. So par for the course for your average African state.

      • Re: (Score:3, Insightful)

        Isn't that a step up?

        To my knowledge, the current black plutocracy doesn't torture and imprison white people for decades.

        It's also worth reminding that the US looks just as plutocratic and as corrupt as your average African state.

        • Re: (Score:2, Insightful)

          by Anonymous Coward

          To my knowledge, the current black plutocracy doesn't torture and imprison white people for decades.

          Because it has only been in power for 2 decades and it is under way more scrutiny. But, it does imprison and oppress both whites and poor blacks along with the massive corruption which takes money from the poor blacks and puts it into the pockets of the rich blacks who control the government.

          US looks just as plutocratic and as corrupt as your average African state

          No, it isn't. Your average African state has institutionalized corruption and bribery as well as being rife with tribal discrimination. In many African states, rape isn't treated as a serious crime especially if the woman is

          • No, it isn't. Your average African state has institutionalized corruption and bribery as well as being rife with tribal discrimination.

            Replace "corruption and bribery" by "lobbying", and "tribal" by "racial" and ask yourself if it applies to the US.

            rape isn't treated as a serious crime especially if the woman is from the wrong tribal group, murdering homosexuals is fine

            Ever been to the south?

            You really are an ignorant fuck

            Ad hominem! Now I really can't compete with an argument like that. You win Sir!

            • Ever been to the south?

              Have you? They have plenty of gay night clubs there. While not everyone living there is a wonderful person accepting of other people living how they want to and enjoying their freedom to do as they wish, that's scarcely less true of other places, no matter how much up their own ass the assholes there might be.

            • rape isn't treated as a serious crime especially if the woman is from the wrong tribal group, murdering homosexuals is fine

              Ever been to the south?

              I live in the South, and unless you are basing your assumptions on movies you're being disingenuous.

              Yes, racism exists in the South - to deny that would be pointless, but it's not the norm and even amongst those who are still racist the LEVEL of racism is pretty low compared to what it was in decades past. And regardless of race or sexual orientation any murder or rape allegation is going to be taken seriously.

              A lot of people use a binary definition of "good" and "bad" and claim that since the US isn't per

      • If you think successive ANC governments have been any better then you're deluded. All that happened is privilege has moved from a small white clique to a small black clique and general corruption is far worse. So par for the course for your average African state.

        If you think typical corruption is as bad or worse than an openly racist government then you're playing apologist for some extremely nasty concepts.

        I'd rather live in a Democratic country where rule-breaking is normalized than an openly racist country where rule-following is profoundly immoral.

    • But iPhones would have been safer than Apartheid phones anyway.
  • Can anyone enlighten me on how Ransomware gangs work. They said no one claimed it, so could it be relatively by accident?

    I am wondering if these could be more like general worms that infect large networks of computers but only encrypt in preset conditions with maybe a phone home to a command server?

    If this is the case are decrypt keys somewhat universal?

    Are there other cases where a Ransomware gang could fail to identify the target or simply not care? If the operations are targeted, seems pretty clear they

    • by serafean ( 4896143 ) on Thursday September 16, 2021 @06:10AM (#61800791)

      Or they hit too big a target, and chicken out... Everybody loses in that case.

      • ...Everybody loses in that case.

        Not the executive too cheap to fund a proper backup solution that ultimately caused this shit.

        Much like Wall Street bankers teeing up the next crash, we haven't learned a damn thing yet when it comes to regulation or deterrents.

    • ... relatively by accident?

      The ransomware has a phone-home function so the criminal gang knows who to threaten. Maybe this time, that didn't happen.

      ... keys somewhat universal?

      Sometimes, yes and ransomware opponents have calculated and published the unlock key in such cases. Other times, the ransomware generates a seed and forwards that to the command server before deleting it. In that case, only the criminal gang can calculate the unlock key.

    • by ezdiy ( 2717051 )

      > If this is the case

      It is, most of the time.

      > are decrypt keys somewhat universal?

      Not anymore. About 4 years ago, criminals realized that asymmetric cryptography actually exists. The worm carries a fixed public key around, it's pretty bullet proof.

    • by DarkOx ( 621550 )

      The more sophisticated groups generally target. Often the targeting is rather unsophisticated phishing of persons at target organizations with a standard malware package as the ultimate payload.

      So yes sometimes the blast radius is not what was expected and this hit other persons and organizations. Sometimes the payloads are custom builds and there will be some hostname checks etc to see if they are executing on an expected domain, or they will seek to limit the blast radius in other ways like looking at wha

    • Can anyone enlighten me on how Ransomware gangs work. They said no one claimed it, so could it be relatively by accident?

      (Ping) "Wait, I thought YOU wanted that subnet in the DDoS."

      (Pong) "No, I thought YOU wanted it."

      (Ping) "Dammit Pong!"

      (Moe) "What did you two knuckleheads do?"

      (The trials and tribulations of the Low-Hanging Fruit department...)

    • Could just be part of enabling a crime spree!
  • Windows? (Score:4, Funny)

    by Orlando ( 12257 ) on Thursday September 16, 2021 @06:13AM (#61800795) Homepage

    Let me guess, a wild stab in the dark, was their infra based on Windows by any chance?

    • by SpzToid ( 869795 )
      Windows Server using Active Directory is my bet.
    • No, it was OpenBSD... of course it was Windows lol
    • What makes you think that is relevant? Pretty much 100% of ransomware spreads via a user with appropriate privileges running malware. They are stopped only through a policy of not executing software or not having access to data.

      Not running Windows isn't some defense against incompetent network design or system administration.

      • Not running Windows isn't some defense against incompetent network design or system administration.

        In many cases, running Linux instead of Windows is very much a defense against this type of attack. No one has yet been stupid enough to create a Linux system that automatically runs attachments. And even a valid Linux program attachment requires multiple manual steps to go from attachment to running program.

        In all too many cases, a Windows program attachment goes from email attachment to running program just by being received by the Windows email server. And if that doesn't happen, it goes from attachm

        • by HiThere ( 15173 )

          Sorry, but often unpacking a compressed file unpacks it with execute privilege already in place. Things can be opened/unpacked by things not involving user interaction. Email is almost always saved to disk. Etc.

          Linux has more automagic features than I consider at all wise. But it *does* need to be designed specifically to attack Linux, and often is dependent on being run by someone with supervisor privileges...which *should* never happen, though it does.

          • Both Windows and Linux make it hard to get things done if you don't have privileges. And every security feature you add also brings another attack surface. It's unlikely that somebody will untar/gzip something, set +x and then run it. But that doesn't happen on Windows either. Part of any exploit is finding a way to get the payload to execute. After that you just escalate privileges. I have sudo access on a number of machines. I don't really want it, but it's necessary. Applications run as service ac
        • And even a valid Linux program attachment requires multiple manual steps to go from attachment to running program.

          You have saved nothing. The user who will execute an attachment manually will do so even if multiple steps are involved.
          Both modern Linux and modern Windows OSes will autorun scripts from a USB stick. Both leave the ability to disable this function to a system administrator. Neither OS auto runs files from email attachment, both require user intervention including warnings and confirmation.

          The single most dangerous thing to a company is someone who thinks Linux is a magical defense.

          It [bleepingcomputer.com] is [bleepingcomputer.com] not! [cybersecur...siders.com]

          • Yep. It's the same madness that leads people to think Macs are invulnerable to viruses, even though there's plenty of the damn things in the wild.

            "Oh hey I can't run this program" *disables system protection*

            "I don't need a virus checker it's a Mac" *runs shonkware downloaded from pirate bay*

            Like sure, purely statistically it's a safer system, and Apple do have some good defences in there, but the weakest link in the chain defines the strength of the entire chain, and in any computer system, that weakest link is st

    • Let me guess, a wild stab in the dark, was their infra based on Windows by any chance?

      (Capitalism@PlanetEarth) "Yes, of course it's still Windows. Planet Linux is two moons down on your left. Quite a hellish place, as some new form of semi-warm fusion powered by Fartcoin mining is used to count beans. We still use Excel."

    • by RobinH ( 124750 )
      I bet the guy who got his car stuck in the mud was driving a wheeled vehicle. That wouldn't have happened if he'd been driving a real vehicle like my M1A1 Abrams Tanks. Who drives a wheeled vehicle anyway? Tanks are so much better at everything. I mean yeah, my tank doesn't fit down *all* the roads I want to drive down, and I had to read a manual as thick as my arm to understand how to use it, but the manual was free, man!
      • by HiThere ( 15173 )

        You seem to be stuck back in 2000. In 2021 Linux is a quite capable desktop operating system, and (to my mind) *more* user friendly than MSWindows. There are clearly those who disagree, but I feel that's based on lack of familiarity. Or specialized needs, with a requirement for custom software that hasn't yet been ported to Linux.

        (OTOH, no, I don't count Android as Linux.)

      • Your labored car analogy misses a critical point:

        EVERYONE GETS FREE TANKS

      • by swm ( 171547 )

        Linux [...] is not a business at all. It's a bunch of RVs, yurts, tepees, and geodesic domes set up in a field and organized by consensus. The people who live there are making tanks. These are not old-fashioned, cast-iron Soviet tanks; these are more like the M1 tanks of the U.S. Army, made of space-age materials and jammed with sophisticated technology from one end to the other. But they are better than army tanks. They've been modified in such a way that they never, ever break down, are light and maneuver

    • If it said Unix/Linux would you call the poster a liar? For an OS that supposedly runs the internet, it comes up remarkably short when it comes to bad things happening.

      • If it said Unix/Linux would you call the poster a liar? For an OS that supposedly runs the internet, it comes up remarkably short when it comes to bad things happening.

        I don't know what you mean by that last sentence. If you mean it comes up short in defense against bad things, then that's true. But if you mean it's responsible for less bad things, that's also true, because Windows is responsible for more.

  • Judge: Do you know what the penalty for encrypting the entire Department of Justice's network is?

    Defendant: No, I'm sure it's way less than the penalty for running a violent, international criminal organization!

  • I suspect it was not Ubuntu.

  • “The South African (SA) government is committed to socio-economic ... Its solutions such as Microsoft Azure, Office 365, and Microsoft Dynamics 365 [archive.is] power ...”
