    Transnet likely hit by Death Kitty ransomware attack

    Information security. By Agency Staff, 29 July 2021

    Transnet appears to have been targeted with a strain of ransomware that cybersecurity experts have linked to a series of high-profile data breaches likely carried out by crime gangs from Eastern Europe and Russia.

    The hackers left a ransom note on Transnet’s computers claiming they encrypted the company’s files, including 1TB of personal data, financial reports and other documents. The note instructed the firm to visit a chat portal on the dark Web to enter negotiations.

    Transnet spokeswoman Ayanda Shezi didn’t answer multiple phone calls and WhatsApp messages seeking comment. A probe into the motive for the attack is still under way, public enterprises minister Pravin Gordhan said in a statement on Wednesday.

    The cyberattack on 22 July caused the company to declare force majeure at container terminals and switch to manual processing of cargo. Transnet’s Durban port alone handles more than half of the nation’s shipments and is the main gateway for other commodity exporters including the Democratic Republic of Congo and Zambia. The disruption follows deadly protests in South Africa earlier this month that also interrupted operations.

    Ransom note

    The Transnet ransom note was similar to others seen in recent months, according to cybersecurity firm Crowdstrike. It is linked to ransomware strains known variously as “Death Kitty”, “Hello Kitty” and “Five Hands”, said Adam Meyers, vice president of intelligence at Crowdstrike. Those strains have been observed this year targeting Polish videogame maker CD Projekt and exploiting security vulnerabilities in SonicWall products.

    Many organisations still don’t have a robust cybersecurity risk management policy, and that means “industries like logistics and critical infrastructure are vulnerable to attack”, said Lisa Donnan, a partner at cyber investment group Option3Ventures. There’s also a global shortage of cybersecurity workers as incidents are increasing along with the average ransom price rising to US$200 000 from $5 000 in 2018, she said.

    Transnet made for a “ripe target” because its ports are critical to the country and the broader region, Donnan said in an e-mailed response to questions. “Unfortunately, many organisations find out after an attack that cybersecurity is a business issue and not an IT issue,” she said.

    The location and identity of the Transnet hackers are unclear. Meyers said they were likely of Eastern European or Russian origin, where many ransomware groups are based.

    Some advertise their exploits online and use forums on the dark Web to hire hackers to work with them, but the gang associated with “Death Kitty” and its variants has kept a lower profile, according to Meyers. “We have not observed any recruitment or selling of anything consistent with this ransomware, so it is either a closed group or a private service that doesn’t advertise.”

    Transnet has fully restored operations at the nation’s ports after reinstating its automated terminal-operating system. Other systems are being brought up in a staggered manner, Gordhan said.  — Reported by Ryan Gallagher and Paul Burkhardt, (c) 2021 Bloomberg LP
