State-owned rail, port and pipeline company Transnet says it has identified and isolated the source of the disruption to its IT systems.
Yesterday, the state-owned company acknowledged it was experiencing issues with its IT systems. This followed a report by SA Trucker that the Transnet Port Terminals website was down after it had allegedly been hacked.
According to the publication, reports from insiders who cannot be named because they are not allowed to speak to the media suggest the cyber attack hit Transnet-wide.
This implies that all the companies under the state-run Transnet have been affected, it added.
In a statement today, Transnet says its technical teams continue to work around the clock to ensure the impact remains minimal.
“As part of efforts to support South Africa’s exports, manual port and rail operations continue. Transnet is prioritising the export of reefer containers, primarily through the port of Durban. This, as the citrus season nears its peak,” says Ayanda Shezi, Transnet spokesperson.
“Two export-bound vessels have started a loading cycle at Pier 2, while the third vessel is discharging imports at Pier 1, and will soon commence with the loading of reefer containers. Since the start of the season in April, reefer container volumes are 12% higher than the same period last year.”
Shezi points out that manual operations continue in Richards Bay. In the Eastern Cape, she adds, the East London and PE container and auto terminals are working manually.
“The Ngqura Container Terminal continues to be impacted by high swells. This also applies to the Cape Town Container Terminal. All other terminals in the Western Cape are working manually. Transnet continues to engage with affected customers throughout the process.”
Addressing members of the media yesterday, acting minister in the Presidency, Khumbudzo Ntshavheni, said government is investigating whether the IT system disruption at Transnet was linked to recent unrest that gripped parts of KwaZulu-Natal and Gauteng.
However, she pointed out that at the moment, government is looking at the events as unrelated.
Anna Collard, senior vice-president of content strategy and evangelist at KnowBe4 Africa, believes that although not officially confirmed, it is very likely Transnet was hit by a ransomware attack.
She points out that the most frequent attack vector associated with ransomware is typically social engineering, where the criminals target one or multiple staff members with cleverly-crafted phishing e-mails.
“Once the target opens the attachment or clicks on the malicious link, it downloads and executes the malware. Other popular infection methods are through exploiting unpatched or vulnerable systems.”
According to Collard, ransomware groups or affiliates targeting large organisations or critical infrastructure are also called “big-game hunters” because they know that the stakes are high and it's very likely these companies will pay the ransom, regardless of the country.
“However, with the United States declaring ransomware a national threat, it may shift the attention of more and more criminals towards the emerging economies and South Africa is quite attractive, because on the one hand, we have developed infrastructure, a high degree of digitisation but at the same time, not enough government capacity to defend against this on a national level.
“This is really just speculation now, but with what has been going on in the last two weeks, some industry experts are wondering if this attack may even be politically-motivated.
“Personally, I suspect it’s probably more financially-driven but at this point, I don't know what type of ransomware group this is associated with, or how big the ransom demand is. The concerning point is what are we going to do in South Africa if and when more of our critical infrastructure is under attack. It's absolutely crucial that we (industry, public and private sector) need to collaborate and assist each other in cases like that and defend our country against this inevitable threat together,” she concludes.