Transnet ransomware attack
On 22 July 2021, Transnet became a victim of a ransomware attack.[1][2][3] The attack caused Transnet to declare force majeure at several key container terminals, including Port of Durban, Ngqura, Port Elizabeth and Cape Town.[4][5][6] The attack was the first time that the "operational integrity of the country's critical maritime infrastructure has suffered a severe disruption" leading the Institute for Security Studies (ISS) to call its impact "unprecedented" in South African history.[7]
Date | 22 July 2021 |
---|---|
Time | SAST |
Location | South Africa |
Target | Shipping infrastructure |
The ISS speculated that Transnet was withholding details about the attack as it was an issue of national security and because the attack might cause legal liabilities for the company.[7] Bloomberg News stated that the attackers encrypted files on Transnet's computer systems thereby preventing the company from accessing their own information whilst leaving instructions on how to start ransom negotiations.[8] The Bloomberg article quotes a source from the cybersecurity firm Crowdstrike Holdings Inc. which states that the ransomware used in the attack was linked to "strains known variously as “Death Kitty,” “Hello Kitty” and “Five Hands.”" and likely originated from Russia or Eastern Europe.[8] The Department of Public Enterprises stated that none of Transnet client's data had been compromised in the attack.[9]
The timing of the attack, which followed closely after the 2021 South African unrest following former South African President Jacob Zuma's imprisonment, caused speculation that the two events might have been part of a coordinated effort to disrupt economic activity in the country.[7][10] The authorities stated that the two events were likely unrelated.[7]
Background
The Durban port handles 60% of South African container traffic.[11][12][13]
Timeline
- July 22, Transnet ransomware attack occurred.
- July 26, most computer systems had been restored.[14][15]
- July 27, Transnet's investigation into the attack's severity was still ongoing.[16][17][18]
- July 28, Department of Public Enterprises stated that Transnet had fully restored operations at the ports.[9]
References
- Viljoen, John; Njini, Felix (27 July 2021). "Transnet declares force majeure at SA ports over cyberattack". Fin24. Retrieved 27 July 2021.
- Toyana, Mfuneko (26 July 2021). "BUSINESS MAVERICK: Transnet cyberattack puts employees' salaries at risk while backlogs at ports mount". Daily Maverick. Retrieved 27 July 2021.
- de Wet, Phillip (27 July 2021). "Ships are starting to bypass SA ports as Transnet tells customers and staff of 'sabotage'". News24. Retrieved 27 July 2021.
- Shead, Sam (27 July 2021). "South Africa port operations halted and workers reportedly put on leave after major cyberattack". CNBC. Retrieved 27 July 2021.
- Mokhoali, Veronica; Ntshidi, Edwin (24 July 2021). "Ntshavheni: Govt still believes cyberattack at Transnet unrelated to unrest". ewn.co.za. Retrieved 27 July 2021.
- "Transnet declares a force majeure". www.enca.com. Retrieved 27 July 2021.
- Reva, Denys (29 July 2021). "Cyber attacks expose the vulnerability of South Africa's ports". ISS Africa. Retrieved 2 August 2021.
- Ryan, Gallagher; Burkhardt, Paul (29 July 2021). "'Death Kitty' Ransomware Linked to South African Port Attack". Bloomberg News. Retrieved 2 August 2021.
- Naidoo, Suren (29 July 2021). "Data 'has not been compromised' in Transnet cyber attack, says Gordhan's department". Moneyweb. Retrieved 2 August 2021.
- "Call to 'connect dots between insurrection modus operandi and crippling Transnet cyber attack'". www.iol.co.za. 28 July 2021. Retrieved 2 August 2021.
- Swart, Nadya (27 July 2021). "Flash Briefing: SA govt reaches pay deal with unions; Transnet cyber attack; Mango suspends flights". BizNews.com. Retrieved 27 July 2021.
- Ginindza, Banele (26 July 2021). "SA's 'Gateway to Africa' status at risk as Transnet tries to fix IT system woes". www.iol.co.za. Retrieved 27 July 2021.
- Jul 2021, Moneyweb / 27 (27 July 2021). "BITRA – Update on Transnet IT disruptions - SENS". Moneyweb. Retrieved 27 July 2021.
- McLeod, Duncan (22 July 2021). "Transnet container operations hit by 'cyberattack'". TechCentral. Retrieved 27 July 2021.
- Naidoo, Suren (27 July 2021). "Transnet cyber attack confirmed: Port terminals division declares force majeure". Moneyweb. Retrieved 27 July 2021.
- Toyana, Mfuneko (27 July 2021). "Business Maverick: Transnet ports division declares force majeure on container terminals after cyber attack". Daily Maverick. Retrieved 27 July 2021.
- Njini, Felix; Naidoo, Prinesha (27 July 2021). "South Africa Port Operator Declares Force Majeure Over Cyber Attack". Bloomberg. Retrieved 27 July 2021.
- Diphoko, Wesley (27 July 2021). "Transnet website still down and chaos gets worse". www.iol.co.za. Retrieved 27 July 2021.