Ransomware Encrypts South Africa's Entire Department of Justice Network (bleepingcomputer.com) 59
The justice ministry of the South African government is working on restoring its operations after a recent ransomware attack encrypted all its systems, making all electronic services unavailable both internally and to the public. As a consequence of the attack, the Department of Justice and Constitutional Development said that child maintenance payments are now on hold until systems are back online. BleepingComputer reports: The incident happened on September 6 and the department activated the contingency plan for such events to ensure the continuation of some activity in the country. Last week, [Steve Mahlangu, spokesperson for the Department of Justice and Constitutional Development] said that court sittings continued after a switch into manual mode for recording the hearings. A manual process has also been adopted for issuing various legal documents. However, the ransomware attack impacted monthly child maintenance payments, which have been delayed until the systems are restored.
The department is still in the process of returning to regular operations but it cannot say when the activity will become normal again. Part of this effort was setting up a new email system, to which some staff has already migrated. Coupled with the long time needed for network restoration, this is a sign that the hackers did not get paid. It is unclear who is behind this attack. Many ransomware gangs also steal data before encrypting it, to force the victim into paying the ransom under the pressure of a public leak. Mahlangu said last week that the Department's IT experts have found "no indication of data compromise." Until now, the attack has not been claimed by any of the gangs with a data leak site.
This would NOT have happened during the Apartheid! (Score:4, Funny)
because the justice department wasn't online back then. And also, there was no justice.
There's no justice now either (Score:5, Insightful)
If you think successive ANC governments have been any better then you're deluded. All that happened is privilege has moved from a small white clique to a small black clique and general corruption is far worse. So par for the course for your average African state.
Re: (Score:3, Insightful)
Isn't that a step up?
To my knowledge, the current black plutocracy doesn't torture and imprison white people for decades.
It's also worth reminding that the US looks just as plutocratic and as corrupt as your average African state.
Re: (Score:2, Insightful)
To my knowledge, the current black plutocracy doesn't torture and imprison white people for decades.
Because it has only been in power for 2 decades and it is under way more scrutiny. But, it does imprison and oppress both whites and poor blacks along with the massive corruption which takes money from the poor blacks and puts it into the pockets of the rich blacks who control the government.
US looks just as plutocratic and as corrupt as your average African state
No, it isn't. Your average African state has institutionalized corruption and bribery as well as being rife with tribal discrimination. In many African states, rape isn't treated as a serious crime especially if the woman is
Re: (Score:2)
No, it isn't. Your average African state has institutionalized corruption and bribery as well as being rife with tribal discrimination.
Replace "corruption and bribery" by "lobbying", and "tribal" by "racial" and ask yourself if it applies to the US.
rape isn't treated as a serious crime especially if the woman is from the wrong tribal group, murdering homosexuals is fine
Ever been to the south?
You really are an ignorant fuck
Ad hominem! Now I really can't compete with an argument like that. You win Sir!
Re: (Score:2)
Ever been to the south?
Have you? They have plenty of gay night clubs there. While not everyone living there is a wonderful person accepting of other people living how they want to and enjoying their freedom to do as they wish, that's scarcely less true of other places, no matter how much up their own ass the assholes there might be.
Re: (Score:2)
rape isn't treated as a serious crime especially if the woman is from the wrong tribal group, murdering homosexuals is fine
Ever been to the south?
I live in the South, and unless you are basing your assumptions on movies you're being disingenuous.
Yes, racism exists in the South - to deny that would be pointless, but it's not the norm and even amongst those who are still racist the LEVEL of racism is pretty low compared to what it was in decades past. And regardless of race or sexual orientation any murder or rape allegation is going to be taken seriously.
A lot of people use a binary definition of "good" and "bad" and claim that since the US isn't per
Re: (Score:1)
So did Henry Kissinger (war criminal), Yasser Arafat (terrorist) and Barack Obama (he hadn't done anything to deserve it at the time he was awarded it, and didn't do anything to deserve it afterward either).
Getting the Nobel Prize is hardly a guarantee that the recipient is a worthy person. In fact, I'd consider being a member of that particular club a rather dubious honor myself.
Re: (Score:2)
If you think successive ANC governments have been any better then you're deluded. All that happened is privilege has moved from a small white clique to a small black clique and general corruption is far worse. So par for the course for your average African state.
If you think typical corruption is as bad or worse than an openly racist government then you're playing apologist for some extremely nasty concepts.
I'd rather live in a Democratic country where rule-breaking is normalized than an openly racist country where rule-following is profoundly immoral.
Re: (Score:2)
Ransomware by accident (Score:2)
Can anyone enlighten me on how Ransomware gangs work. They said no one claimed it, so could it be relatively by accident?
I am wondering if these could be more like general worms that infect large networks of computers but only encrypt in preset conditions with maybe a phone home to a command server?
If this is the case are decrypt keys somewhat universal?
Are there other cases where a Ransomware gang could fail to identify the target or simply not care? If the operations are targeted, seems pretty clear they
Re:Ransomware by accident (Score:4, Insightful)
Or they hit too big a target, and chicken out... Everybody loses in that case.
Re: (Score:2)
...Everybody loses in that case.
Not the executive too cheap to fund a proper backup solution that ultimately caused this shit.
Much like Wall Street bankers teeing up the next crash, we haven't learned a damn thing yet when it comes to regulation or deterrents.
Re: (Score:3)
The ransomware has a phone-home function so the criminal gang knows who to threaten. Maybe this time, that didn't happen.
Sometimes, yes and ransomware opponents have calculated and published the unlock key in such cases. Other times, the ransomware generates a seed and forwards that to the command server before deleting it. In that case, only the criminal gang can calculate the unlock key.
Re: (Score:2)
> If this is the case
It is, most of the time.
> are decrypt keys somewhat universal?
Not anymore. About 4 years ago, criminals realized that asymmetric cryptography actually exists. The worm carries a fixed public key around, it's pretty bullet proof.
Re: (Score:3)
The more sophisticated groups generally target. Often the targeting is rather unsophisticated phishing of persons at target organizations with a standard malware package as the ultimate payload.
So yes sometimes the blast radius is not what was expected and this hit other persons and organizations. Sometimes the payloads are custom builds and there will be some hostname checks etc to see if they are executing on an expected domain, or they will seek to limit the blast radius in other ways like looking at wha
Re: (Score:2)
Can anyone enlighten me on how Ransomware gangs work. They said no one claimed it, so could it be relatively by accident?
(Ping) "Wait, I thought YOU wanted that subnet in the DDoS."
(Pong) "No, I thought YOU wanted it."
(Ping) "Dammit Pong!"
(Moe) "What did you two knuckleheads do?"
(The trials and tribulations of the Low-Hanging Fruit department...)
Re: (Score:2)
Windows? (Score:4, Funny)
Let me guess, a wild stab in the dark, was their infra based on Windows by any chance?
Re: (Score:3)
Re: (Score:2)
Re: (Score:3)
What makes you think that is relevant? Pretty much 100% of ransomware spreads via a user with appropriate privileges running malware. They are stopped only through a policy of not executing software or not having access to data.
Not running Windows isn't some defense against incompetent network design or system administration.
Re: Windows? (Score:1)
Re: (Score:1)
Several linux distros have the same functionality, basically touted as automatic updates or whatever.
And in most large managed unix/linux setups you actually run scripts that automatically log in to computers to do stuff as doing such manually for hundreds or thousands of computers is not effective.
But also without such functionality if you find a hole allowing logging in and gaining root privileges, then automating such is trivial.
Re: (Score:3)
There is a very key difference! I am not suggesting malware/ransomware can't/doesn't/won't more aggressively in the future/etc target non-windows environments but...
The whole Windows/ADS world suffers from having a lot of stuff that either attempts to authenticate gratuitously or may be easily coerced to attempt to authenticate with an attacker's chosen target remotely without user interaction on the victim machine. That is the foot hold to a lot of attacks / worms / privilege escalation - replay/relay issu
Re: (Score:2)
On what non-Windows operating system can arbitrary files be automatically downloaded, installed, and executed?
A lot more than you're assuming.
Also, First Rule of Desktop Support; Never underestimate the ability for humanity to one-up your design and build a better idiot.
Re: (Score:2)
Let me turn that question on its head: On what Windows operating system can arbitrary files be automatically downloaded, installed, and executed?
It seems you may have not used a PC in the past 20 years, and still have an early Windows XP era view of windows security. Update your assumptions. Nearly all ransomware relies on user manually intervening to help the attack.
But since you want to compare windows to linux:
Neither system autoexecutes downloads. In fact both of them will scan downloads for threat vect
Re: (Score:2)
Python devs do this constantly.
Re: (Score:2)
Not running Windows isn't some defense against incompetent network design or system administration.
In many cases, running Linux instead of Windows is very much a defense against this type of attack. No one has yet been stupid enough to create a Linux system that automatically runs attachments. And even a valid Linux program attachment requires multiple manual steps to go from attachment to running program.
In all too many cases, a Windows program attachment goes from email attachment to running program just by being received by the Windows email server. And if that doesn't happen, it goes from attachm
Re: (Score:3)
Sorry, but often unpacking a compressed file unpacks it with execute privilege already in place. Things can be opened/unpacked by things not involving user interaction. Email is almost always saved to disk. Etc.
Linux has more automagic features than I consider at all wise. But it *does* need to be designed specifically to attack Linux, and often is dependent on being run by someone with supervisor privileges...which *should* never happen, though it does.
Re: (Score:2)
Re: (Score:2)
And even a valid Linux program attachment requires multiple manual steps to go from attachment to running program.
You have saved nothing. The user who will execute an attachment manually will do so even if multiple steps are involved.
Both modern Linux and modern Windows OSes will autorun scripts from a USB stick. Both leave the ability to disable this function to a system administrator. Neither OS auto runs files from email attachment, both require user intervention including warnings and confirmation.
The single most dangerous thing to a company is someone who thinks Linux is a magical defense.
It [bleepingcomputer.com]
is [bleepingcomputer.com]
not! [cybersecur...siders.com]
Re: (Score:2)
Yep. It's the same madness that leads people to think Macs are invulnerable to viruses, even though there's plenty of the damn things in the wild.
"Oh hey I can't run this program" *disables system protection*
"I don't need a virus checker it's a mac" *runs shonkware downloaded from pirate bay*
Like sure, purely statistically it's a safer system, and apple do have some good defences in there, but the weakest link in the chain defines the strength of the entire chain, and in any computer system, that weakest link is st
Re: (Score:2)
Let me guess, a wild stab in the dark, was their infra based on Windows by any chance?
(Capitalism@PlanetEarth) "Yes, of course it's still Windows. Planet Linux is two moons down on your left. Quite a hellish place, as some new form of semi-warm fusion powered by Fartcoin mining is used to count beans. We still use Excel."
Re: (Score:2)
Re: (Score:2)
You seem to be stuck back in 2000. In 2021 Linux is a quite capable desktop operating system, and (to my mind) *more* user friendly than MSWindows. There are clearly those who disagree, but I feel that's based on lack of familiarity. Or specialized needs, with a requirement for custom software that hasn't yet been ported to Linux.
(OTOH, no, I don't count Android as Linux.)
Re: (Score:2)
Your labored car analogy misses a critical point:
EVERYONE GETS FREE TANKS
Tanks (Score:2)
And again, no headline says Windows again (Score:1)
Re: (Score:2)
If it said Unix/Linux would you call the poster a liar? For an OS that supposedly runs the internet, it comes up remarkably short when it comes to bad things happening.
Re: (Score:2)
If it said Unix/Linux would you call the poster a liar? For an OS that supposedly runs the internet, it comes up remarkably short when it comes to bad things happening.
I don't know what you mean by that last sentence. If you mean it comes up short in defense against bad things, then that's true. But if you mean it's responsible for less bad things, that's also true, because Windows is responsible for more.
Re: (Score:1)
You can get things to improve in South Africa by getting Simple Minds and Peter Gabriel to write songs about it.
Re: (Score:2)
What do you expect? I wonder what the recovery strategy will be? Complain until YT fixes it for them, and then bitch that it didn't get fixed fast enough?
I'm gonna guess we'll be finding out soon enough.
That's one way to beat the charges (Score:2)
Defendant: No I'm sure it's way less than the penalty for running a violent, international criminal organization!
Ah, have you seen legal documents? (Score:2)
They are already partially encrypted.
What OS were they using? Yes, it matters (Score:2)
I suspect it was not Ubuntu.
Microsoft Dynamics 365 power SA Gov (Score:1)