1) The information or data that was encrypted was never decrypted because it needs a special decryption key which the Department of Justice and Constitutional Development does not have. The ransomware attacker is the only one with the decryption key.
2) (a) The information that was encrypted is still there in an encrypted format; there is no way of decrypting the information. The focus was never to decrypt the information; instead, the information and systems were restored from the backup tapes.
(b) The systems are fully restored and productive, but due to capacity constraints, the systems are not running at full capacity.
3) The Department is fully aware of the information that was targeted.
(a) The Department is unable to quantify the targeted information in terms of percentages.
(b) The Department cannot tell with certainty what happened to the compromised information.
4) The Department is not aware of any information that was exfiltrated; there is an ongoing forensic investigation by the South African Police Services (SAPS), and hopefully the final SAPS report will help us to answer that question.
5) (a) So far, the Department is unable to identify the ransomware attackers, and hopefully the SAPS forensic investigation report will reveal such information.
(b) (i) No ransom demand letter was received by the Department.
(ii) No ransom amount was paid to the attackers.