Lucky Majangandile Erasmus (36) was sentenced to eight years’ imprisonment on Monday, 3 June 2025, by the Specialised Commercial Crimes Court in connection with a high-profile cybercrime case targeting South African fintech company, Ecentric. The sentence follows a plea agreement entered into with the State. Three years of the eight-year sentence were suspended for five years, meaning Erasmus will serve an effective five years in prison.
The charges against Erasmus relate to a 2023 incident in which he and co-accused Felix Unathi Pupu (43), both former employees of Ecentric, installed software on the company’s systems that enabled unauthorized remote access. This access was later exploited in an attempted ransomware scheme that included multiple extortion attempts and led to significant data breaches.
Erasmus was convicted on a wide range of charges, including:
-
One count of contravening section 12 of the Cybercrimes Act No. 19 of 2020
-
One count of theft of data
-
Two counts of attempted cyber extortion
-
Four counts of cyber fraud
-
Four counts of unlawful access to a computer system
-
Three counts involving unlawful use of software or hardware tools
-
Two counts of unlawful interference with network or data
-
One count of interference with a data storage medium
-
One count of password resetting
-
One count of unlawful access
-
One count of trespassing
According to court documents, the software installed by the accused allowed a third party to breach Ecentric’s IT infrastructure. On 14 November 2023, a ransom demand was made to Ecentric’s CEO, requesting payment of US$534,260 within 16 hours, with the threat that company data would be leaked publicly—including to competitors and regulators—within 30 hours. When the initial demand was not met, a second ransom of US$1 million was issued on 30 November 2023.
Ecentric did not comply with either demand. However, four of its retail clients sustained financial losses totalling R794,808.51 as a result of the cyberattack.
Erasmus has been in custody since 14 December 2023. His co-accused, Felix Pupu, remains in custody and is scheduled to appear in court on 30 June 2025 for plea and sentencing.
As part of the conditions tied to the suspended portion of his sentence, Erasmus must not commit any further offences relating to fraud, cybercrime, or trespassing during the five-year suspension period. A violation would lead to the activation of the suspended sentence.
The court also declared Erasmus unfit to possess a firearm.
This case marks a significant application of South Africa’s Cybercrimes Act and highlights the growing focus on criminal accountability for cybersecurity breaches involving insider threats.
The post Cybercrime Conviction: Former IT Employee Sentenced to Eight Years for Fraud and Extortion Plot appeared first on ProtectionWeb.
The post Cybercrime Conviction: Former IT Employee Sentenced to Eight Years for Fraud and Extortion Plot appeared first on defenceWeb.
