Death Kitty Ransomware Linked to Attack on South African Ports

South Africa’s port and rail company appears to have been targeted with a strain of ransomware that cybersecurity experts have linked to a series of high-profile data breaches likely carried out by crime gangs from Eastern Europe and Russia.

The hackers left a ransom note on Transnet SOC Ltd.’s computers, seen by Bloomberg News, claiming they encrypted the company’s files, including a terabyte of personal data, financial reports and other documents. The note instructed the firm to visit a chat portal on the dark web to enter negotiations.
 
Having personally been at ground zero when NotPetya hit, I can relate to how bad it can get.
Best is to reload and take the hit, not negotiate with these scumbags, as it only invites trouble.

Sure, a cybersecurity firm will be able to decrypt the data, as it's usually similar to some of the existing tools out there.
It will probably cost less than the ransom they asked for.
 
The puns! Death pussy; in the dark web!
 
My question from day one, where are the backups?
 
All SOEs have been hit with ransomware.
It is called ANC, which is demanding/stealing/looting money from taxpayers...
Correction, all SA has been infected, definitely not limited to SOE.
 
My question from day one, where are the backups?
True, but it's also possible that some attacks could target and compromise backup and recovery systems. Especially if the attackers have been in the network, biding their time, gathering intelligence and extending their foothold until they're really ready to nail you. And if they do that right, you could be proper f***ed no matter how well you think you did your backup solution.
 
My question from day one, where are the backups?
Not so easy, especially when the ransomware often lies dormant for weeks or months before being activated. Trying to find a point where data is 'safe' might mean going back in time with big data loss.
 
One would think that they heeded the warning to take their WD Elements off-line ...
 
True, but it's also possible that some attacks could target and compromise backup and recovery systems. Especially if the attackers have been in the network, biding their time, gathering intelligence and extending their foothold until they're really ready to nail you. And if they do that right, you could be proper f***ed no matter how well you think you did your backup solution.
There simply isn't any perfect strategy: system image backups, important systems on VMs, database backups, a separate file server, create as many stop gaps as possible, then just hope signs of the attack are discovered before everything is compromised. Databases are safe in a way if the initial design and validation strategy is sound; getting forensic teams to detect the initial attack and time frame is much easier than having to audit an entire system and correct possible exploits.
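The posts above keep circling back to one practical problem: with a long dwell time, which backup snapshot is actually safe to restore? An added example (not from the thread, not Transnet's tooling, and not a description of how Death Kitty itself behaves) of the check a responder would run across a series of backup snapshots to locate the encryption event. It compares consecutive snapshots and flags two signals: a file appearing with a known encryptor extension, and a file whose hash changed while its entropy jumped from plaintext-like to ciphertext-like. The extension list, the 7.5 bits/byte threshold, and the three in-memory "nightly" snapshots are all constructed assumptions for the demo; point the same functions at real snapshot manifests to use it.

```python
import hashlib
import math
import os
from collections import Counter

# Assumptions (not from the thread): a generic list of extensions that
# encryptors append, and an entropy cut-off above which a file that was
# previously plaintext looks encrypted. Tune both for your own data.
SUSPECT_EXTENSIONS = {".locked", ".encrypted", ".crypt"}
ENTROPY_THRESHOLD = 7.5  # bits per byte; office docs and text sit far below


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: close to 8.0 for ciphertext, 4-5 for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def manifest(snapshot: dict) -> dict:
    """path -> (sha256 hex digest, entropy) for every file in one snapshot."""
    return {
        path: (hashlib.sha256(data).hexdigest(), shannon_entropy(data))
        for path, data in snapshot.items()
    }


def ransomware_indicators(prev_snapshot: dict, curr_snapshot: dict) -> list:
    """Findings that suggest files were encrypted between two snapshots.

    Requiring an entropy *jump* (not merely high entropy) keeps legitimately
    high-entropy files such as zips and JPEGs from being flagged.
    """
    prev, curr = manifest(prev_snapshot), manifest(curr_snapshot)
    findings = []
    for path, (digest, entropy) in curr.items():
        if os.path.splitext(path)[1].lower() in SUSPECT_EXTENSIONS:
            findings.append((path, "encryptor extension"))
        elif path in prev and prev[path][0] != digest:
            old_entropy = prev[path][1]
            if old_entropy <= ENTROPY_THRESHOLD < entropy:
                findings.append(
                    (path, f"entropy jumped {old_entropy:.2f} -> {entropy:.2f}")
                )
    return findings


def last_clean_snapshot(snapshots: list) -> int:
    """Index of the newest snapshot showing no indicators since its predecessor.

    Snapshots are ordered oldest first; index 0 is taken as the baseline.
    """
    clean = 0
    for i in range(1, len(snapshots)):
        if ransomware_indicators(snapshots[i - 1], snapshots[i]):
            break
        clean = i
    return clean


def _pseudo_random(seed: bytes, length: int) -> bytes:
    """Deterministic high-entropy bytes (a hash chain) standing in for ciphertext."""
    out, block = bytearray(), seed
    while len(out) < length:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:length])


# Constructed sample: three nightly snapshots of two files. Night 1 is a
# legitimate edit; night 2 is what an encryptor leaves behind.
REPORT_V1 = b"Port operator quarterly report: container volumes and revenue.\n" * 40
REPORT_V2 = REPORT_V1 + b"Appendix: updated figures for the container terminal.\n"
STAFF_CSV = b"name,id\nA. Person,1\n" * 30
SNAPSHOTS = [
    {"finance/report.docx": REPORT_V1, "hr/staff.csv": STAFF_CSV},
    {"finance/report.docx": REPORT_V2, "hr/staff.csv": STAFF_CSV},
    {
        "finance/report.docx": _pseudo_random(b"seed", 4096),  # same name, now ciphertext
        "hr/staff.csv.locked": _pseudo_random(b"seed2", 1024),
    },
]

if __name__ == "__main__":
    for i in range(1, len(SNAPSHOTS)):
        print(f"snapshot {i}: {ransomware_indicators(SNAPSHOTS[i - 1], SNAPSHOTS[i])}")
    print("restore from snapshot", last_clean_snapshot(SNAPSHOTS))
```

On the sample data the result is snapshot 1: the edit between nights 0 and 1 changes the hash but not the entropy, so it is not flagged, while night 2 trips both rules. The caveat raised in the thread still applies: this locates the encryption event, not the intrusion. If the attackers sat in the network for weeks first, the "clean" snapshot can still contain their foothold (credentials, scheduled tasks, the dormant loader), which is exactly why the forensic work mentioned above has to establish the initial entry time before a restore point is trusted. Run the comparison against offline or immutable copies, since a reachable backup server is itself a target.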
 