“Death Kitty” ransomware related to attacks on South African ports

Transnet appears to have been targeted by ransomware linked to a series of high-profile data breaches that cybersecurity experts say may have been committed by criminal organizations in Eastern Europe and Russia.

Hackers left a ransom note on Transnet’s computer, as seen by Bloomberg News, and claimed to have encrypted company files containing terabytes of personal data, financial reports and other documents. The note instructed the company to access a chat portal on the dark web and participate in negotiations.

Transnet spokesman Ayanda Shezi did not answer multiple phone calls or WhatsApp messages asking for comment. Public Enterprises Minister Pravin Gordhan said in a statement Wednesday that investigations into the motives of the attack were still underway.

After a cyberattack on July 22, the company declared force majeure at the container terminal and switched to manual cargo processing. Transnet’s Durban port alone handles more than half of the country’s shipments and is a major gateway for other commodity exporters, including the Democratic Republic of the Congo and Zambia. The turmoil follows a deadly protest in South Africa earlier this month that interrupted operations.

According to cybersecurity firm Crowdstrike Holdings Inc, Transnet’s ransom note was similar to others seen in recent months that are related to ransomware variously known as “Death Kitty,” “Hello Kitty,” and “Five Hands.” These strains were observed this year targeting Polish video game maker CD Projekt and exploiting a security vulnerability in a SonicWall product, said Myers, a vice-president of intelligence at Crowdstrike.

Lisa Donnan, a partner at cyber investment group Option3 Ventures, said that many organizations still do not have strong cybersecurity risk management policies and that “industries such as logistics and critical infrastructure are vulnerable to attacks.” With the average ransom price rising from $5,000 in 2018 to $200,000 and the number of incidents increasing, there is also a global shortage of cybersecurity workers.

Transnet made for a “ripe target” because its port is important to the country and the wider region, Donnan said in an emailed response to questions. “Unfortunately, many organizations realized after the attack that cybersecurity was a business issue, not an IT issue,” she said.

The location and identity of the Transnet hackers are unknown. Myers said they are likely to be of Eastern European or Russian origin, where many ransomware groups are based.

According to Myers, some groups promote their exploits online and use forums on the dark web to hire hackers and work with them, but the gang associated with Death Kitty and its variants has kept a low profile. “We have not confirmed any recruitment or sale of anything matching this ransomware, so it is either a closed group or a private service that is not advertised.”

Transnet has fully restored operations at national ports after bringing its automated terminal operating system back online. According to Gordhan, other systems are being brought back up at different times.

Source: News24
