Transnet ransomware attack

From HandWiki
Revision as of 17:14, 6 February 2024 by AIposter (talk | contribs) (link)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Short description: 2021 cyberattack attack on the Transnet

Transnet ransomware attack
Durban harbor.jpg
Port of Durban affected in the cyberattack
Date22 July 2021
TimeSAST
Location South Africa
TargetShipping infrastructure

On 22 July 2021, Transnet became a victim of a ransomware attack.[1][2][3] The attack caused Transnet to declare force majeure at several key container terminals, including Port of Durban, Ngqura, Port Elizabeth and Cape Town.[4][5][6] The attack was the first time that the "operational integrity of the country's critical maritime infrastructure has suffered a severe disruption" leading the Institute for Security Studies (ISS) to call its impact "unprecedented" in South African history.[7]

The ISS speculated that Transnet was withholding details about the attack as it was an issue of national security and because the attack might cause legal liabilities for the company.[7] Bloomberg News stated that the attackers encrypted files on Transnet's computer systems thereby preventing the company from accessing their own information whilst leaving instructions on how to start ransom negotiations.[8] The Bloomberg article quotes a source from the cybersecurity firm Crowdstrike Holdings Inc. which states that the ransomware used in the attack was linked to "strains known variously as “Death Kitty,” “Hello Kitty” and “Five Hands.”" and likely originated from Russia or Eastern Europe.[8] The Department of Public Enterprises stated that none of Transnet client's data had been compromised in the attack.[9]

The timing of the attack, which followed closely after the 2021 South African unrest following former South African President Jacob Zuma's imprisonment, caused speculation that the two events might have been part of a coordinated effort to disrupt economic activity in the country.[7][10] The authorities stated that the two events were likely unrelated.[7]

Background

The Durban port handles 60% of South African container traffic.[11][12][13]

Timeline

  • July 22, Transnet ransomware attack occurred.
  • July 26, most computer systems had been restored.[14][15]
  • July 27, Transnet's investigation into the attack's severity was still ongoing.[16][17][18]
  • July 28, Department of Public Enterprises stated that Transnet had fully restored operations at the ports.[9]

References

  1. Viljoen, John; Njini, Felix (27 July 2021). "Transnet declares force majeure at SA ports over cyberattack" (in en-US). https://www.news24.com/fin24/companies/transnet-declares-force-majeure-at-sa-ports-over-cyber-attack-20210727. 
  2. Toyana, Mfuneko (2021-07-26). "BUSINESS MAVERICK: Transnet cyberattack puts employees' salaries at risk while backlogs at ports mount" (in en). https://www.dailymaverick.co.za/article/2021-07-26-transnet-cyberattack-puts-employees-salaries-at-risk-while-backlogs-at-ports-mount/. 
  3. de Wet, Phillip (27 July 2021). "Ships are starting to bypass SA ports as Transnet tells customers and staff of 'sabotage'". https://www.businessinsider.co.za/transnet-admits-it-was-hacked-as-ships-start-skipping-south-africas-ports-2021-7. 
  4. Shead, Sam (2021-07-27). "South Africa port operations halted and workers reportedly put on leave after major cyberattack" (in en). https://www.cnbc.com/2021/07/27/transnet-halts-port-operations-in-south-africa-after-major-cyberattack.html. 
  5. Mokhoali, Veronica; Ntshidi, Edwin (24 July 2021). "Ntshavheni: Govt still believes cyberattack at Transnet unrelated to unrest" (in en). https://ewn.co.za/2021/07/24/ntshavheni-govt-still-believes-cyberattack-at-transnet-unrelated-to-unrest. 
  6. "Transnet declares a force majeure" (in en). https://www.enca.com/business/transnet-declares-force-majeure. 
  7. 7.0 7.1 7.2 7.3 Reva, Denys (2021-07-29). "Cyber attacks expose the vulnerability of South Africa's ports" (in en). https://issafrica.org/iss-today/cyber-attacks-expose-the-vulnerability-of-south-africas-ports. 
  8. 8.0 8.1 Ryan, Gallagher; Burkhardt, Paul (29 July 2021). "'Death Kitty' Ransomware Linked to South African Port Attack". https://www.bloomberg.com/news/articles/2021-07-29/-death-kitty-ransomware-linked-to-attack-on-south-african-ports. 
  9. 9.0 9.1 Naidoo, Suren (2021-07-29). "Data 'has not been compromised' in Transnet cyber attack, says Gordhan's department" (in en). https://www.moneyweb.co.za/news/economy/data-has-not-been-compromised-in-transnet-cyber-attack-says-gordhans-department/. 
  10. "Call to 'connect dots between insurrection modus operandi and crippling Transnet cyber attack'" (in en). 28 July 2021. https://www.iol.co.za/news/politics/call-to-connect-dots-between-insurrection-modus-operandi-and-crippling-transnet-cyber-attack-8d48c4e9-a3a7-4140-81de-5597a20a430b. 
  11. Swart, Nadya (2021-07-27). "Flash Briefing: SA govt reaches pay deal with unions; Transnet cyber attack; Mango suspends flights" (in en-GB). https://www.biznews.com/asset-management/2021/07/27/mango-flights. 
  12. Ginindza, Banele (July 26, 2021). "SA's 'Gateway to Africa' status at risk as Transnet tries to fix IT system woes" (in en). https://www.iol.co.za/business-report/companies/sas-gateway-to-africa-status-at-risk-as-transnet-tries-to-fix-it-system-woes-32eea568-91b4-4f54-86f4-3743b760f8ae. 
  13. Jul 2021, Moneyweb / 27 (2021-07-27). "BITRA – Update on Transnet IT disruptions - SENS" (in en). https://www.moneyweb.co.za/mny_sens/bitra-update-on-transnet-it-disruptions/. 
  14. McLeod, Duncan (22 July 2021). "Transnet container operations hit by 'cyberattack'". https://techcentral.co.za/transnet-systems-reportedly-down-after-cyberattack/109394/. 
  15. Naidoo, Suren (2021-07-27). "Transnet cyber attack confirmed: Port terminals division declares force majeure" (in en). https://www.moneyweb.co.za/news/companies-and-deals/transnet-cyber-attack-confirmed-port-terminals-division-declares-force-majeure/. 
  16. Toyana, Mfuneko (2021-07-27). "Business Maverick: Transnet ports division declares force majeure on container terminals after cyber attack" (in en). https://www.dailymaverick.co.za/article/2021-07-27-transnet-ports-division-declares-force-majeure-on-container-terminals-after-cyber-attack/. 
  17. Njini, Felix; Naidoo, Prinesha (27 July 2021). "South Africa Port Operator Declares Force Majeure Over Cyber Attack". https://www.bloomberg.com/news/articles/2021-07-27/s-africa-port-operator-declares-force-majeure-over-cyber-attack-krln4ku6. 
  18. Diphoko, Wesley (2021-07-27). "Transnet website still down and chaos gets worse" (in en). https://www.iol.co.za/technology/software-and-internet/transnet-website-still-down-and-chaos-gets-worse-7a3fe743-5994-4c5e-aa96-900c7733e8f0.