Attackers who tried to flood the Internet-connected computers of South African banks with junk network traffic tried to extort two to four bitcoin from each bank.
This is according to the CEO of the South African Banking Risk Information Centre (SABRIC), Susan Potgieter, who was speaking to E-tv news about the attacks on 25 October.
At the exchange rates over the past few days, the bitcoin demanded by the attackers would amount to between R200,000 and R550,000 per bank.
If the attackers targeted five of South Africa’s banks, that means they stood to make up to R2.75 million.
SABRIC issued a statement on behalf of the banking industry on Friday which said that South African banks had been facing a wave of distributed denial of service (DDoS) attacks since 23 October.
Potgieter emphasised that DDoS attacks do not involve hacking or a data breach, and therefore no customer data is at risk.
However, DDoS attacks may cause service disruptions as they flood networks with junk traffic. Potgieter said that these disruptions will be minor, and will be limited to public-facing services.
“These attacks started with a ransom note which was delivered via email to both unattended as well as staff email addresses, all of which were publicly available.”
Potgieter said that she had not seen the ransom notes herself, but had been informed by the banks how much the attackers were trying to extort from them.
“Threat intelligence which has surfaced has revealed that this is a multi-jurisdictional attack with entities from several countries being targeted and should therefore not be viewed as a targeted attack on South African companies only.”
By Friday evening, MyBroadband had received word from Absa, Capitec, Nedbank, and Standard Bank stating that the effects of the DDoS attacks had been minor. FNB referred our queries to SABRIC.
There had been either minor disruptions to online banking services or, in Capitec’s case, no disruptions at all.
No link to theft and ransom on City of Joburg data
SABRIC’s statement was prompted by a media storm which started after the City of Joburg revealed that it had become the victim of a computer security breach.
Shadow Kill Hackers, the group claiming responsibility for the attack on the City of Joburg, said that it downloaded sensitive financial data. The group threatened to upload the data to the Internet unless the city paid for “a full detailed scenario attack report”.
SABRIC and the banks all emphasised the difference between the two types of attacks and assured customers that there had been no successful hack on the banks.
Shadow Kill Hackers also posted on Twitter that it had nothing to do with the DDoS attacks on South African banks.