{"id":407220,"date":"2021-07-23T12:05:16","date_gmt":"2021-07-23T10:05:16","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=407220"},"modified":"2021-07-23T21:21:25","modified_gmt":"2021-07-23T19:21:25","slug":"new-details-about-transnet-cyberattack","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/407220-new-details-about-transnet-cyberattack.html","title":{"rendered":"New details about Transnet cyberattack"},"content":{"rendered":"

Transnet has been the victim of a ransomware attack, eNCA journalist Sli Masikane has reported<\/a><\/strong>.<\/p>\n

The report stated that Transnet employees received notices to disconnect all their devices from the state-owned logistics company’s network and not to access their emails on their phones.<\/p>\n

Masikane also posted a screenshot of the ransomware note left by the attackers containing an address to a chat service on the dark web.<\/p>\n

News emerged yesterday from within the freight and logistics industry in South Africa that Transnet had been the victim of a cyberattack<\/strong><\/a> and its IT systems were offline.<\/p>\n

This led to speculation regarding whether Transnet was hit with a regular ransomware attack or whether the attack is related to the recent public violence in South Africa.<\/p>\n

President Cyril Ramaphosa has characterised the riots and looting that gripped parts of KwaZulu-Natal and Gauteng earlier this month as a failed insurrection<\/strong><\/a>.<\/p>\n

The acting minister in the Presidency, Khumbudzo Ntshavheni, said during a recent media briefing that government is currently treating the attack on Transnet as unrelated to the insurrection.<\/p>\n

“We are investigating, and when information comes to the fore, we will either confirm or dispel whether the incident is related,” Ntshavheni said.<\/p>\n

Masikane posted screenshots of two messages that were reportedly sent to Transnet employees yesterday. The first stated:<\/p>\n

URGENT! Please communicate to all your teams to shutdown all laptops, desktops &
\ntablets connected to the domain. Also DO NOT access emails on your phones until further notice. No MS Teams meetings until further notice<\/p><\/blockquote>\n

The second message was as follows:<\/p>\n

Good Morning All. Urgent message from ICTM. Transnet systems have been hacked and compromised. Please disconnect from the Transnet network immediately untill advised
\notherwise. This impacts remote access via APN\/VPN (3g or home Wifi) or direct access via LAN if you are in the office. This will also include Outlook (emails). You can continue to
\nonly work offline on your machine.<\/p><\/blockquote>\n

MyBroadband visited the address and tried to contact the attackers, but the chat service prompts for an account name and password.<\/p>\n

We received no other response to the messages we posted on the chat service than the login prompt.<\/p>\n

\"\"<\/a><\/p>\n

Transnet downplayed the severity of the impact on its operations, saying that its freight rail, pipelines, engineering, and property divisions reported normal activity.<\/p>\n

It said port terminals are operational except for container terminals, as the Navis system on the trucking side has been affected.<\/p>\n

However, Transnet also admitted that the Ports Authority only continues to operate because vessels moving in and out of the port are being recorded manually.<\/p>\n

According to Transnet\u2019s statistics for June 2021, it processed 13,135 containers per day at its terminal facilities.<\/p>\n

The economic impact of an extended outage of its IT systems would be devastating.<\/p>\n

Navis issued a statement emphasising that its system was not the source of the disruption affecting Transnet.<\/p>\n

It said in its statement that Transnet shut down all its systems, including the servers running Navis’ N4 application, as a precautionary measure.<\/p>\n

“Navis […] is in close contact with the Transnet team as they work to identify and isolate the cause of the disruption and restore operations,” the company stated.<\/p>\n

Jayson O’Reilly, the head of Atvance Intellect’s cybersecurity division, told Bruce Whitfield on 702 that unless Transnet was properly prepared for a cyberattack, it could take weeks or even months to recover its systems.<\/p>\n

O’Reilly said that how quickly Transnet recovers from the attack depends on how well it has been practising standard IT hygiene:<\/p>\n