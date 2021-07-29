1h ago

add bookmark

'Death Kitty' ransomware linked to attack on South African ports

accreditation
Ryan Gallagher & Paul Burkhardt
0:00
play article
Subscribers can listen to this article
The cyberattack on 22 July caused Transnet to declare force majeure at container terminals and switch to manual processing of cargo.
The cyberattack on 22 July caused Transnet to declare force majeure at container terminals and switch to manual processing of cargo.
Getty Images

Transnet appears to have been targeted with a strain of ransomware that cybersecurity experts have linked to a series of high-profile data breaches likely carried out by crime gangs from Eastern Europe and Russia.

The hackers left a ransom note on Transnet's computers, seen by Bloomberg News, claiming they encrypted the company’s files, including a terabyte of personal data, financial reports and other documents. The note instructed the firm to visit a chat portal on the dark web to enter negotiations.

Transnet spokesperson Ayanda Shezi didn’t answer multiple phone calls and WhatsApp messages seeking comment. A probe into the motive for the attack is still underway, Public Enterprises Minister Pravin Gordhan said in a statement on Wednesday.

The cyberattack on 22 July caused the company to declare force majeure at container terminals and switch to manual processing of cargo. Transnet’s Durban port alone handles more than half of the nation’s shipments and is the main gateway for other commodity exporters including the Democratic Republic of Congo and Zambia. The disruption follows deadly protests in South Africa earlier this month that also interrupted operations.

The Transnet ransom note was similar to others seen in recent months, according to cybersecurity firm Crowdstrike Holdings Inc. It is linked to ransomware strains known variously as "Death Kitty", "Hello Kitty" and "Five Hands", said Adam Meyers, vice-president of intelligence at Crowdstrike. Those strains have been observed this year targeting Polish video game maker CD Projekt and exploiting security vulnerabilities in SonicWall products.

Many organisations still don’t have a robust cybersecurity risk management policy, and that means "industries like logistics and critical infrastructure are vulnerable to attack", said Lisa Donnan, a partner at cyber investment group Option3Ventures. There’s also a global shortage of cybersecurity workers as incidents are increasing along with the average ransom price rising to $200 000 from $5 000 in 2018, she said.

Transnet made for a "ripe target" because its ports are critical to the country and the broader region, Donnan said in an emailed response to questions. "Unfortunately, many organisations find out after an attack that cybersecurity is a business issue not an IT issue," she said.

The location and identity of the Transnet hackers is unclear. Meyers said they were likely of Eastern European or Russian origin, where many ransomware groups are based.

Some advertise their exploits online and use forums on the dark web to hire hackers to work with them, but the gang associated with "Death Kitty" and its variants have kept a lower profile, according to Meyers. "We have not observed any recruitment or selling of anything consistent with this ransomware, so it is either a closed group or a private service that doesn’t advertise."

Transnet has fully restored operations at the nation’s ports after reinstating its automated terminal-operating system. Other systems are being brought up in a staggered manner, Gordhan said.

We live in a world where facts and fiction get blurred
In times of uncertainty you need journalism you can trust. For only R75 per month, you have access to a world of in-depth analyses, investigative journalism, top opinions and a range of features. Journalism strengthens democracy. Invest in the future today.
Subscribe to News24
Read more on:
transnetrussiacyberattackhackersransomware
Rand - Dollar
14.58
+1.1%
Rand - Pound
20.36
+0.7%
Rand - Euro
17.31
+0.9%
Rand - Aus dollar
10.78
+0.9%
Rand - Yen
0.13
+1.1%
Gold
1,825.15
+1.0%
Silver
25.56
+2.3%
Palladium
2,661.74
+1.3%
Platinum
1,080.50
+0.9%
Brent Crude
74.74
+0.4%
Top 40
63,438
+1.7%
All Share
69,596
+1.6%
Resource 10
71,857
+2.3%
Industrial 25
88,559
+1.4%
Financial 15
12,937
+0.9%
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot
Voting Booth
In light of the recent looting, do you think a basic income grant is the right approach to deal with SA’s hunger and poverty problems?
Please select an option Oops! Something went wrong, please try again later.
Results
It will go a long way in helping fight the symptoms of SA’s entrenched inequality, especially for those who are starving right now
20% - 1444 votes
SA’s problems are complex, and we instead need to spend that money on building and growing our economy, which will help the country in the long run
31% - 2239 votes
All grants are a problem as they foster a reliance on handouts
49% - 3550 votes
Vote
Previous Results
Covid-19 Money Hub
Covid-19 Money Hub - answering your business and money questions during the crisis

22 Jul 2020

Covid-19 Money Hub - answering your business and money questions during the crisis
MONEY CLINIC | Can I get a loan while under debt review?

24 Jul

MONEY CLINIC | Can I get a loan while under debt review?
MONEY CLINIC | My son has permanent residency in the UK - should he emigrate...

21 Jul

MONEY CLINIC | My son has permanent residency in the UK - should he emigrate financially?
MONEY CLINIC | I entered into debt review a year ago and can't cope - what should...

14 Jul

MONEY CLINIC | I entered into debt review a year ago and can't cope - what should I do?
Read more
Apple Store Google Play
© 2021 (1.1.21201.14) 24.com. All rights reserved.
Terms and Conditions Media24 Privacy Policy
Contact Us
Iab Logo