Transnet ransomware attack

Port of Durban affected in the cyberattack
Date: 22 July 2021
Time: SAST
Location: South Africa
Target: Shipping infrastructure

On 22 July 2021, Transnet became the victim of a ransomware attack. [1] [2] [3] The attack caused Transnet to declare force majeure at several key container terminals, including Port of Durban, Ngqura, Port Elizabeth and Cape Town. [4] [5] [6] The attack was the first time that the "operational integrity of the country's critical maritime infrastructure has suffered a severe disruption", leading the Institute for Security Studies (ISS) to call its impact "unprecedented" in South African history. [7]


The ISS speculated that Transnet was withholding details about the attack because it was an issue of national security and because the attack might create legal liabilities for the company. [7] Bloomberg News stated that the attackers encrypted files on Transnet's computer systems, preventing the company from accessing its own information, and left instructions on how to start ransom negotiations. [8] The Bloomberg article quotes a source from the cybersecurity firm CrowdStrike Holdings Inc. who stated that the ransomware used in the attack was linked to "strains known variously as “Death Kitty,” “Hello Kitty” and “Five Hands.”" and likely originated from Russia or Eastern Europe. [8] The Department of Public Enterprises stated that none of Transnet's clients' data had been compromised in the attack. [9]

The timing of the attack, which came shortly after the 2021 South African unrest that followed former South African President Jacob Zuma's imprisonment, caused speculation that the two events might have been part of a coordinated effort to disrupt economic activity in the country. [7] [10] The authorities stated that the two events were likely unrelated. [7]

Background

The Durban port handles 60% of South African container traffic. [11] [12] [13]

Timeline

References

  1. Njini, Felix; Viljoen, John. "Transnet declares force majeure at SA ports over cyberattack". Fin24. Retrieved 27 July 2021.
  2. Toyana, Mfuneko (26 July 2021). "BUSINESS MAVERICK: Transnet cyberattack puts employees' salaries at risk while backlogs at ports mount". Daily Maverick. Retrieved 27 July 2021.
  3. "Ships are starting to bypass SA ports as Transnet tells customers and staff of 'sabotage'". BusinessInsider. Retrieved 27 July 2021.
  4. Shead, Sam (27 July 2021). "South Africa port operations halted and workers reportedly put on leave after major cyberattack". CNBC. Retrieved 27 July 2021.
  5. Mokhoali, Veronica. "Ntshavheni: Govt still believes cyberattack at Transnet unrelated to unrest". ewn.co.za. Retrieved 27 July 2021.
  6. "WATCH | Transnet declares a force majeure | eNCA". www.enca.com. Retrieved 27 July 2021.
  7. ISSAfrica.org (29 July 2021). "Cyber attacks expose the vulnerability of South Africa's ports". ISS Africa. Retrieved 2 August 2021.
  8. Ryan, Gallagher; Burkhardt, Paul (29 July 2021). "'Death Kitty' Ransomware Linked to South African Port Attack". www.bloomberg.com. Bloomberg News. Retrieved 2 August 2021.
  9. "Data 'has not been compromised' in Transnet cyber attack, says Gordhan's department". Moneyweb. 29 July 2021. Retrieved 2 August 2021.
  10. "Call to 'connect dots between insurrection modus operandi and crippling Transnet cyber attack'". www.iol.co.za. 28 July 2021. Retrieved 2 August 2021.
  11. Swart, Nadya (27 July 2021). "Flash Briefing: SA govt reaches pay deal with unions; Transnet cyber attack; Mango suspends flights". BizNews.com. Retrieved 27 July 2021.
  12. "SA's 'Gateway to Africa' status at risk as Transnet tries to fix IT system woes". www.iol.co.za. Retrieved 27 July 2021.
  13. Moneyweb (27 July 2021). "BITRA – Update on Transnet IT disruptions - SENS". Moneyweb. Retrieved 27 July 2021.
  14. "Transnet container operations hit by 'cyberattack' - TechCentral". techcentral.co.za. Retrieved 27 July 2021.
  15. "Transnet cyber attack confirmed: Port terminals division declares force majeure". Moneyweb. 27 July 2021. Retrieved 27 July 2021.
  16. Toyana, Mfuneko (27 July 2021). "Business Maverick: Transnet ports division declares force majeure on container terminals after cyber attack". Daily Maverick. Retrieved 27 July 2021.
  17. "Bloomberg - Transnet Cyberattack". www.bloomberg.com. Retrieved 27 July 2021.
  18. "Transnet website still down and chaos gets worse". www.iol.co.za. Retrieved 27 July 2021.