Lucky Majangandile Erasmus (36) was sentenced to a combined eight (8) years imprisonment by the Specialised Commercial Crimes Court on Tuesday, 3 June 2025, after entering into a plea agreement with the State. The sentence includes charges of cyber fraud, theft of data, and attempted cyber extortion.
The court handed down an effective five (5) years of direct imprisonment, with three (3) years suspended for five years under strict conditions. Erasmus was also declared unfit to possess a firearm.
Charges and Modus Operandi
Erasmus and his co-accused, Felix Unathi Pupu (43)—both former employees of Ecentric—loaded malicious software onto the company’s systems, enabling remote access. An unknown individual subsequently contacted Ecentric’s CEO, claiming to have compromised the company’s IT infrastructure and demanding ransom payments.
The cybercriminals made two ransom demands:
-
14 November 2023: A demand for US$534,260.00, threatening to publish Ecentric’s data within 30 hours if unpaid.
-
30 November 2023: A second demand for US$1,000,000.00, with threats of further action to prove the breach.
No ransom was paid, but four retail clients suffered a combined loss of R794,808.51.
Convictions and Sentencing
Erasmus faced multiple charges under the Cybercrimes Act No. 19 of 2020, including:
-
1 count of contravening Section 12 of the Cybercrimes Act
-
1 count of theft of data
-
2 counts of attempted cyber extortion
-
4 counts of cyber fraud
-
4 counts of unlawful accessing of a computer system
-
3 counts of unlawful acts with software or hardware tools
-
2 counts of unlawful interference with a network or data
-
1 count of unlawful interference with a data storage medium
-
1 count of resetting passwords
-
1 count of unlawful access
-
1 count of trespassing
Suspended Sentence Conditions
The court imposed strict conditions for the suspended sentence, stating that Erasmus will face immediate imprisonment if convicted of:
-
Fraud, conspiracy to commit fraud, or theft during the suspension period.
-
Any violation of Chapter 2 Part I of the Cybercrimes Act.
-
Trespassing under Section 1(1)(a) or (b) of the Trespass Act 6 of 1959.
Co-Accused Still Awaiting Trial
While Erasmus has been in custody since 14 December 2023, his co-accused, Felix Unathi Pupu (43), remains detained and is set to appear on 30 June 2025 for plea and sentencing.
The case highlights the growing threat of insider-driven cyberattacks and the severe legal consequences for such crimes. Authorities have warned businesses to strengthen internal cybersecurity measures to prevent similar breaches.
