Ports in South Africa have mostly returned to normal operations, according to the country’s government.
Last week, SA’s port operations authority, Transnet, was struck by a massive ransomware attack that crippled its digital systems leaving South Africa’s key container terminal in disarray.
“The return to operations is good news for the economy, as the Transnet ports and rail system are the backbone of the economy,” the ministry for public enterprises shared in a statement on Wednesday.
Transnet was left with no choice but to declare force majeure following the cyberattack on 22 July 2021. Force majeure is a legal clause that wavers any liability from Transnet for not being able to provide promised services for its clients. The clause is usually reserved for “acts of God” or events that were completely unexpected and unprepared for, such as natural disasters, warfare, or in this case a cyber attack.
According to the ministry, while operations have mostly returned to normal,”…the force majeure is currently in place and under review with the intention to lift it in the coming days.”
“The preliminary assessment of the cyberattack indicates that Transnet and its customer data [have] not been compromised,” the ministry said, quoted by Fin24.
“Death Kitty” Ransomware
According to an alleged copy of the ransomware note sent by the attackers to Transnet released by eNCA reporter Sli Masikane, the port authority’s systems were subject to data encryption via a strain of ransomware known as “Death Kitty.”
This strain, according to Bloomberg, is ransomware linked to several important data breaches carried out by threat actors from Eastern Europe or Russia, including an attack that leaked the source codes of video game developer CD Projekt’s Cyberpunk 2077 and The Witcher 3: Wild Hunt. This data leak, however, pales in comparison to the havoc caused by the Transnet attack.
“With the United States declaring ransomware a national threat, more criminals will shift their attention towards the emerging economies and South Africa is quite attractive,” says Anna Collard, SVP Content Strategy and Evangelist at KnowBe4 Africa, a cybersecurity awareness and training firm.
“The concerning point is what are we going to do in South Africa if and when more of our critical infrastructure comes under attack. It’s absolutely crucial that we (industry, public and private sector) need to collaborate and assist each other in cases like that and defend our country against this inevitable threat together,” Collard concludes.
A “Total Nightmare” for Import and Export
Transnet’s port division handles imports and exports of cars, goods containers, bulk and breakbulk such as manufacturing and construction equipment. The company also handles fresh produce and raw minerals like platinum, manganese and gold.
Gavin Kelly, CEO of the Road Freight Association, said that its members could not get their cargo in and out of the ports following the attack, and Terry Gale, chairperson of the Exporters Club of the Western Cape, said that the situation at Transnet’s ports had been a “total nightmare”.
The attack had left Transnet without a digital system to rely on for the tracking and accounting of the thousands of goods containers that enter and leave South Africa’s ports every day. Operations had to be done manually which, Gale says, had been very slow but at least some containers could finally begin moving.