[BreachExchange] South African Justice Department hit by ransomware attack

[Sophia Kingsbury]

https://www.digitaljournal.com/tech-science/south-african-justice-department-hit-by-ransomware-attack/article

The South African Justice Department has disclosed a ransomware attack in
September 2021, according to Bloomberg. This represents the second
successful cyberattack on a South African state institution in the last two
months.

The breach occurred on September 6 and it left all of the department’s
information systems encrypted and unavailable. All electronic services
provided by the department were affected—including email, the departmental
website, the issuing of letters of authority and bail services.

According to the South African politician, Glynnis Breytenbach: “The
justice system is utterly reliant on a functioning IT system and with the
COVID-19 lockdowns already significantly slowing down the wheels of
justice, the country simply cannot afford this further vulnerability.”

Looking into the ramifications for the attack for Digital Journal is James
Carder, Chief Security Officer and Vice President of LogRhythm.

Carder notes that governmental bodies are in the target for many malicious
actors, partly due to the rich stream of personal data that can be
extracted. Here Carder notes: “Unfortunately, federal governments are a hot
target for cybercriminals hoping to steal valuable information and hold for
a high ransom.”

He expands on the attack motivation: “This is partly due to the amount of
extremely sensitive information held in their databases, the fact that
government agencies notoriously do not invest enough in cybersecurity
protections, their access to large sums of money, as well as the
significant ramifications that come along with having to shut down
government agencies or services.”

In terms of the implications of the attack, Carder summarizes: “Government
shutdowns are extremely impactful and may be more of a reason for victims
to pay ransom put up by these criminals.”

So what are state institutions to do? Carder recommends: “In order for
governments to properly prepare and prevent these attacks, and ensure
continued support of their citizens, they must leverage dependable security
monitoring solutions to gain full visibility into these environments.”

His advice extends further with: “Additionally, organizations must
prioritize educational training, prepare a response plan, create backups,
limit privileged access, patch aggressively and consider cyber insurance.
More importantly, it is essential that cybersecurity is properly funded and
government agencies invest in security and protection to make this protocol
possible.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210915/72366604/attachment.html>