{"id":408012,"date":"2021-07-29T13:58:49","date_gmt":"2021-07-29T11:58:49","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=408012"},"modified":"2021-07-29T14:00:24","modified_gmt":"2021-07-29T12:00:24","slug":"transnet-hit-with-death-kitty-ransomware","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/408012-transnet-hit-with-death-kitty-ransomware.html","title":{"rendered":"Transnet hit with Death Kitty ransomware"},"content":{"rendered":"<p>South Africa\u2019s port and rail company appears to have been targeted with a strain of ransomware that cybersecurity experts have linked to a series of high-profile data breaches likely carried out by crime gangs from Eastern Europe and Russia.<\/p>\n<p>The hackers left a ransom note on Transnet SOC Ltd.\u2019s computers, seen by Bloomberg News, claiming they encrypted the company\u2019s files, including a terabyte of personal data, financial reports and other documents. The note instructed the firm to visit a chat portal on the dark web to enter negotiations.<\/p>\n<p>Transnet spokeswoman Ayanda Shezi didn\u2019t answer multiple phone calls and WhatsApp messages seeking comment. A probe into the motive for the attack is still underway, Public Enterprises Minister Pravin Gordhan said in a statement on Wednesday.<\/p>\n<p>The cyberattack on July 22 caused the company to declare force majeure at container terminals and switch to manual processing of cargo. Transnet\u2019s Durban port alone handles more than half of the nation\u2019s shipments and is the main gateway for other commodity exporters including the Democratic Republic of Congo and Zambia. The disruption follows deadly protests in South Africa earlier this month that also interrupted operations.<\/p>\n<p>The Transnet ransom note was similar to others seen in recent months, according to cybersecurity firm Crowdstrike Holdings Inc. 
It is linked to ransomware strains known variously as \u201cDeath Kitty,\u201d \u201cHello Kitty\u201d and \u201cFive Hands,\u201d said Adam Meyers, vice president of intelligence at Crowdstrike. Those strains have been observed this year targeting Polish video game maker CD Projekt and exploiting security vulnerabilities in SonicWall products.<\/p>\n<p>Many organizations still don\u2019t have a robust cybersecurity risk management policy, and that means \u201cindustries like logistics and critical infrastructure are vulnerable to attack,\u201d said Lisa Donnan, a partner at cyber investment group Option3Ventures. There\u2019s also a global shortage of cybersecurity workers as incidents are increasing along with the average ransom price rising to $200,000 from $5,000 in 2018, she said.<\/p>\n<p>Transnet made for a \u201cripe target\u201d because its ports are critical to the country and the broader region, Donnan said in an emailed response to questions. \u201cUnfortunately, many organizations find out after an attack that cybersecurity is a business issue not an IT issue,\u201d she said.<\/p>\n<p>The location and identity of the Transnet hackers are unclear. Meyers said they were likely of Eastern European or Russian origin, where many ransomware groups are based.<\/p>\n<p>Some advertise their exploits online and use forums on the dark web to hire hackers to work with them, but the gang associated with \u201cDeath Kitty\u201d and its variants has kept a lower profile, according to Meyers. \u201cWe have not observed any recruitment or selling of anything consistent with this ransomware, so it is either a closed group or a private service that doesn\u2019t advertise.\u201d<\/p>\n<p>Transnet has fully restored operations at the nation\u2019s ports after reinstating its automated terminal-operating system. 
Other systems are being brought up in a staggered manner, Gordhan said.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Transnet has been targeted with a strain of ransomware that cybersecurity experts have linked to a series of high-profile data breaches likely carried out by crime gangs from Eastern Europe and Russia.<\/p>\n","protected":false},"author":341034,"featured_media":407050,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[35,10248],"class_list":["post-408012","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-headline","tag-transnet"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/408012"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/341034"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=408012"}],"version-history":[{"count":0,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/408012\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/407050"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=408012"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=408012"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=408012"}],"curies":[{"name":"wp",
"href":"https:\/\/api.w.org\/{rel}","templated":true}]}}