Cybercriminals targeted a fund containing a pool of money held by the courts in trust on behalf of minors, unborn heirs and missing or absent persons
HACKERS attacked a Justice Department fund last week, the department said on Wednesday, but said it did not receive any ransom demands.
They targeted a fund containing a pool of money held by the courts in trust on behalf of minors, unborn heirs and missing or absent persons, it said.
“The department confirms what appears to be an incident wherein unauthorised transactions may have been attempted on the Guardians fund at the Masters office in Pietermaritzburg,” Crispin Phiri, spokesperson for the Department of Justice and Constitutional Development (DOJ), said.
Two cybercrime experts, who have reviewed the matter, told Reuters the attack was orchestrated by DoppelPaymer ransomware – a malicious software used by its namesake cybercriminal group.
The group targets enterprises and government departments with phishing e-mails, spam or fake downloads, encrypting the receivers data and then typically demanding a ransom not to post the confidential information online.
Phiri said the DOJ had not received any ransom demands. He made no comment on who might have been behind the attack other than to say it was being investigated.
Reuters has reviewed screenshots of the DoppelPaymer “leak site” on the dark web listing two pdf files obtained from the judiciary website.
“The two files shown in the screenshot have been posted to their dark web ‘leak site’ as proof of the attack,” said Brett Callow, a threat analyst at global cybersecurity firm Emsisoft.
The cyberattack follows a massive data leak in August that saw the personal information and identity numbers of around 24 million South Africans from credit bureau Experian’s database.
In 2019 hackers demanding ransom shut down the cyber network of the Johannesburg City Council.
“Even the most mature organisations are going to struggle to hold back the wave, so understaffed and under-funded government agencies will inevitably be targeted and compromised,” said Charl van der Walt, head of security research at Orange Cyberdefense.