LCR4805
Assignment 2 Semester 2 2024
Unique Number:
Due Date: 10 September 2024
QUESTION 1
Ransomware attacks, such as the one that targeted the local municipality in this scenario, fall
within the broad category of cybercrimes, which are regulated by various statutes in South
Africa. A ransomware virus typically encrypts data, rendering it inaccessible until a ransom is
paid to decrypt it. In this case, Robert, the alleged perpetrator, can potentially face legal
consequences under both the common law (before the Cybercrimes Act 19 of 2020) and
statutory law (after the Act came into force). The South African legal framework before the Act
relied heavily on older laws such as the Electronic Communications and Transactions Act
DISCLAIMER & TERMS OF USE
1. Educational Aid: These study notes are designed to serve as educational aids and should not be considered as a
substitute for individual research, critical thinking, or professional guidance. Students are encouraged to
conduct their own extensive research and consult with their instructors or academic advisors for specific
assignment requirements.
2. Personal Responsibility: While every effort has been made to ensure the accuracy and reliability of the
information provided in these study notes, the seller cannot guarantee the completeness or correctness of all
the content. It is the responsibility of the buyer to verify the accuracy of the information and use their own
judgment when applying it to their assignments.
3. Academic Integrity: It is crucial for students to uphold academic integrity and adhere to their institution's
policies and guidelines regarding plagiarism, citation, and referencing. These study notes should be used as a
tool for learning and inspiration, but any direct reproduction of the content without proper acknowledgment and
citation may constitute academic misconduct.
4. Limited Liability: The seller of these study notes shall not be held liable for any direct or indirect damages,
losses, or consequences arising from the use of the notes. This includes, but is not limited to, poor grades,
academic penalties, or any other negative outcomes resulting from the application or misuse of the information
prov
]
, For additional support +27 81 278 3372
QUESTION 1
Ransomware attacks, such as the one that targeted the local municipality in this scenario,
fall within the broad category of cybercrimes, which are regulated by various statutes in
South Africa. A ransomware virus typically encrypts data, rendering it inaccessible until a
ransom is paid to decrypt it. In this case, Robert, the alleged perpetrator, can potentially face
legal consequences under both the common law (before the Cybercrimes Act 19 of 2020)
and statutory law (after the Act came into force). The South African legal framework before
the Act relied heavily on older laws such as the Electronic Communications and
Transactions Act 25 of 2002 (ECT Act) and common law crimes like extortion, while the
Cybercrimes Act 19 of 2020 specifically modernized and broadened the legal tools
available to address cybercrime.
Legal Position Before the Cybercrimes Act 19 of 2020
Before the Cybercrimes Act 19 of 2020, cybercrimes such as ransomware attacks were
addressed under various legal frameworks, including the ECT Act and common law
provisions. Let's explore how Robert's conduct would have been prosecuted under this pre-
Act framework.
1. Electronic Communications and Transactions Act 25 of 2002 (ECT Act)
The ECT Act contains provisions that address various cyber-related offenses, including
unauthorized access to data and interference with data:
• Section 86(1): This provision prohibits unauthorized access to data, including the
interception of data. Robert’s introduction of the ransomware into the municipality’s
network constitutes unauthorized access and interception. By tricking an employee
into downloading the virus, Robert accessed data without permission, which is a
violation of this section.
• Section 86(2): This section criminalizes interference with data, specifically
prohibiting actions that modify, destroy, or render data ineffective. The ransomware
attack clearly modifies the municipality’s data by encrypting it, thus rendering it
inaccessible. Robert’s actions would fall squarely within the scope of this section.
• Section 86(3): This section addresses the creation or distribution of devices or
programs designed to overcome security measures. The ransomware virus, as a tool
that bypasses the municipality's security and encrypts data, falls under this provision.
