Transnet ransomware attack explained

Transnet ransomware attack
Blank Data:-->
Blank1 Data:-->
Blank2 Data:-->
Time:SAST
Date:22 July 2021
Location: South Africa
Target:Shipping infrastructure
Patrons:-->
Organizers:-->

On 22 July 2021, Transnet became a victim of a ransomware attack.[1] [2] [3] The attack caused Transnet to declare force majeure at several key container terminals, including Port of Durban, Ngqura, Port Elizabeth and Cape Town.[4] [5] [6] The attack was the first time that the "operational integrity of the country's critical maritime infrastructure has suffered a severe disruption" leading the Institute for Security Studies (ISS) to call its impact "unprecedented" in South African history.[7]

The ISS speculated that Transnet was withholding details about the attack as it was an issue of national security and because the attack might cause legal liabilities for the company. Bloomberg News stated that the attackers encrypted files on Transnet's computer systems thereby preventing the company from accessing their own information whilst leaving instructions on how to start ransom negotiations.[8] The Bloomberg article quotes a source from the cybersecurity firm Crowdstrike Holdings Inc. which states that the ransomware used in the attack was linked to "strains known variously as “Death Kitty,” “Hello Kitty” and “Five Hands.”" and likely originated from Russia or Eastern Europe. The Department of Public Enterprises stated that none of Transnet client's data had been compromised in the attack.[9]

The timing of the attack, which followed closely after the 2021 South African unrest following former South African President Jacob Zuma's imprisonment, caused speculation that the two events might have been part of a coordinated effort to disrupt economic activity in the country.[10] The authorities stated that the two events were likely unrelated.

Background

The Durban port handles 60% of South African container traffic.[11] [12] [13]

Timeline

Notes and References

  1. Web site: Viljoen . John . Njini . Felix . 27 July 2021 . Transnet declares force majeure at SA ports over cyberattack . 2021-07-27 . Fin24 . en-US.
  2. Web site: Toyana. Mfuneko. 2021-07-26. BUSINESS MAVERICK: Transnet cyberattack puts employees' salaries at risk while backlogs at ports mount. 2021-07-27. Daily Maverick. en.
  3. Web site: de Wet . Phillip . 27 July 2021 . Ships are starting to bypass SA ports as Transnet tells customers and staff of 'sabotage' . 2021-07-27 . News24.
  4. Web site: Shead. Sam. 2021-07-27. South Africa port operations halted and workers reportedly put on leave after major cyberattack. 2021-07-27. CNBC. en.
  5. Web site: Mokhoali . Veronica . Ntshidi . Edwin . 24 July 2021 . Ntshavheni: Govt still believes cyberattack at Transnet unrelated to unrest . 2021-07-27 . ewn.co.za . en.
  6. Web site: Transnet declares a force majeure . 2021-07-27 . www.enca.com . en.
  7. Web site: Reva . Denys . 2021-07-29 . Cyber attacks expose the vulnerability of South Africa's ports . 2021-08-02 . ISS Africa . en.
  8. Web site: Ryan . Gallagher . Burkhardt . Paul . 29 July 2021 . 'Death Kitty' Ransomware Linked to South African Port Attack . 2021-08-02 . .
  9. Web site: Naidoo . Suren . 2021-07-29 . Data 'has not been compromised' in Transnet cyber attack, says Gordhan's department . 2021-08-02 . Moneyweb . en.
  10. Web site: 28 July 2021. Call to 'connect dots between insurrection modus operandi and crippling Transnet cyber attack'. 2021-08-02. www.iol.co.za. en.
  11. Web site: Swart. Nadya. 2021-07-27. Flash Briefing: SA govt reaches pay deal with unions; Transnet cyber attack; Mango suspends flights. 2021-07-27. BizNews.com. en-GB.
  12. Web site: Ginindza . Banele . July 26, 2021 . SA's 'Gateway to Africa' status at risk as Transnet tries to fix IT system woes . 2021-07-27 . www.iol.co.za . en.
  13. Web site: Jul 2021. Moneyweb / 27. 2021-07-27. BITRA – Update on Transnet IT disruptions - SENS. 2021-07-27. Moneyweb. en.
  14. Web site: McLeod . Duncan . 22 July 2021 . Transnet container operations hit by 'cyberattack' . 2021-07-27 . TechCentral.
  15. Web site: Naidoo . Suren . 2021-07-27 . Transnet cyber attack confirmed: Port terminals division declares force majeure . 2021-07-27 . Moneyweb . en.
  16. Web site: Toyana. Mfuneko. 2021-07-27. Business Maverick: Transnet ports division declares force majeure on container terminals after cyber attack. 2021-07-27. Daily Maverick. en.
  17. Web site: Njini . Felix . Naidoo . Prinesha . 27 July 2021 . South Africa Port Operator Declares Force Majeure Over Cyber Attack . 2021-07-27 . Bloomberg.
  18. Web site: Diphoko . Wesley . 2021-07-27 . Transnet website still down and chaos gets worse . 2021-07-27 . www.iol.co.za . en.