Justice department’s IT system brought down in ransomware attack
Ransomware was detected in the Department of Justice and Constitutional Development systems on Monday 9 September 2021. Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloads. According to the department, no data compromise has been detected so far (although the incident is still under investigation).
This has led to all information systems being encrypted and unavailable to internal employees, as well as members of the public. As a result, all electronic services provided by the department are affected. For example, this could potentially impact some of your employees’ applications regarding child maintenance payments. In principle, personal information has been compromised.
The lesson here: internal systems, and the vulnerability created by employees’ attitudes towards cybercrime, are the primary issue.
All companies must ensure they have the fundamental security controls in place: patching vulnerabilities in systems, deploying effective endpoint protection, and restricting and managing privileged accounts, so that when their systems are compromised it is much more difficult for an attacker to spread widely through the environment and impact so many systems.
A dedicated privacy audit is therefore fundamental to ensure your company remains on the offence with regard to these privacy risks.