South Africa's Justice Department Goes Dark After Ransomware Hit
A ransomware attack knocked South Africa's Department of Justice offline, forcing courts back to pen and paper.
South Africa’s Department of Justice and Constitutional Development is offline. A ransomware attack took down its website and disrupted services at courts and offices across the country, and at some locations staff have had to fall back to manual, paper-based processes just to keep things moving. If you’ve ever waited in line at a government office when “the system is down,” you know how bad that gets at scale — now imagine it’s the justice system, where deadlines, filings, and case records actually matter.
This is the part of ransomware coverage that doesn’t get enough attention. We talk a lot about the technical mechanics — encryption, exfiltration, the negotiation dance with attackers — but the real damage shows up in mundane ways: a clerk who can’t pull up a case file, a court that can’t confirm a hearing date, a citizen who can’t get a document processed because the database is locked up somewhere behind a ransom note. Paper-based fallback isn’t a quaint throwback, it’s a sign that digital infrastructure has become load-bearing in ways that are invisible until it snaps.
This also isn’t an isolated incident. It’s one of several major ransomware attacks against national government bodies this month alone. That’s a pattern worth sitting with. Government agencies are, in a lot of ways, the softest targets in this space: budgets are tight, IT staff are stretched, legacy systems pile up over decades, and the incentive to modernize security often loses out to more visible priorities. Meanwhile the payoff for attackers is enormous — not just potential ransom money, but leverage over an institution that genuinely cannot afford extended downtime.
There’s also a harder question lurking here about resilience versus recovery. Plenty of organizations build ransomware response plans around “how fast can we restore from backup,” which is necessary but not sufficient. What do you do when the outage isn’t measured in hours but in the time it takes to painstakingly reconstruct trust in every system that was touched? Courts can’t just flip a switch and declare their case management software clean — they have to verify records weren’t altered, confirm the integrity of anything reintroduced, and rebuild processes that quietly assumed the network would always be there.
I don’t think this trend of hitting government targets slows down anytime soon. Ransomware groups have figured out that critical public infrastructure — courts, hospitals, utilities — creates exactly the kind of urgency that makes victims more likely to pay or at least scramble expensively to avoid paying. Until there’s a real cost imposed on attackers, whether through law enforcement action, sanctions, or just better-funded defenses at the agencies most exposed, expect more headlines like this one, just with a different country and a different department name at the top.