Death Kitty Ransomware Linked to Attack on South African Ports

rpm

Admin
Staff member
Joined
Jul 22, 2003
Messages
66,765
‘Death Kitty’ Ransomware Linked to Attack on South African Ports

South Africa’s port and rail company appears to have been targeted with a strain of ransomware that cybersecurity experts have linked to a series of high-profile data breaches likely carried out by crime gangs from Eastern Europe and Russia.

The hackers left a ransom note on Transnet SOC Ltd.’s computers, seen by Bloomberg News, claiming they encrypted the company’s files, including a terabyte of personal data, financial reports and other documents. The note instructed the firm to visit a chat portal on the dark web to enter negotiations.
 
having personally been in ground Zero when notpetya hit, I can relate how bad it can get,
best is reload and take the hit, not negotiate with these scumbags, as it only invites trouble

sure a cybersecurity firm will be able to decrypt the data, as its usually similar to some of the existing tools out there
will probably cost less than the ransom they asked for.
 
All SOEs have been hit with ransomware.
It is called ANC, which is demand/stealing/looting money from tax payers..........
Correction, all SA has been infected, definitely not limited to SOE.
 
My question from day one, where are the backups?
True but it's also possible that some attacks could target and compromise backup and recovery systems. Especially if the attackers have been in the network, biding their time, gathering intelligence and extending their foothold until they're really ready to nail to you. And if they do that right, you could be proper f***ed no matter how well you think you did your backup solution.
 
My question from day one, where are the backups?
Not so easy, especially when the Ransomware often lays dormant for weeks or months before being activated. Trying to find a point where data is 'safe' might mean going back in time with big data loss.
 
True but it's also possible that some attacks could target and compromise backup and recovery systems. Especially if the attackers have been in the network, biding their time, gathering intelligence and extending their foothold until they're really ready to nail to you. And if they do that right, you could be proper f***ed no matter how well you think you did your backup solution.
There simply isn't any perfect strategy, system image backups, important systems on VMs, database backups, separate file server, create as many stop gaps as possible, then just hope, signs of the attack is discovered before everything is compromised. Databases are safe in a way if the initial design and validation strategy is sound, getting forensic teams to detect initial attack and time frame is much easier than having to audit an entire system and correct possible exploits.
 
Back
Top