Citizen Reporter
2 minute read
25 Oct 2019
3:06 pm

Ransom notes sent to major banks in cyberattack

Citizen Reporter

According to the South African Banking Risk Information Centre, this was a DDoS attack which did not involve hacking or a data breach.

The South African Banking Risk Information Centre (Sabric) has released a statement on behalf of the local banking industry confirming that ransom notes were sent to major banks in what is believed to be part of the same cyberattack that saw the City of Johannesburg shut down all of its systems on Thursday night.

“These attacks started with a ransom note which was delivered via email to both unattended as well as staff email addresses, all of which were publicly available.

“Threat intelligence which has surfaced has revealed that this is a multi-jurisdictional attack with entities from several countries being targeted and should therefore not be viewed as a targeted attack on South African companies only.

“We must emphasise that DDoS attacks like this one do not involve hacking or a data breach and therefore no customer data is at risk. It does, however, involve increased traffic on networks necessary to access public-facing services. This may cause minor disruptions,” Sabric said.

“Robust defensive strategies have been invoked across the industry and we are confident that customer impact will be kept to a minimum.”Sabric acting CEO Susan Potgieter said: “Despite our banks’ preparedness and resilience, we will continue to monitor this situation very closely and respond as required.

READ MORE: City of Joburg shuts down all systems as Shadow Kill Hackers demand bitcoin ransom

Standard Bank said an interruption to its banking services which occurred on Thursday had nothing to do with “an external cyber event that reportedly impacted the provision of public e-services”.

ABSA confirmed it experienced technical difficulties due to a DDoS attack, while Capitec said it was not affected as its systems could detect these type of attacks before damage was caused.

The City of Joburg on Thursday night announced a breach of its network on and shut down its website and all e-services as a precautionary measure.

In a tweet, the City said it had detected a network breach “which resulted which resulted in an unauthorised access to our information systems”.

Business Day reported that the attack came hours after the City received a bitcoin ransom note from a group called the Shadow Kill Hackers.

The hack reportedly occurred at the same time that several banks also reported internet problems believed to be related to cyber attacks.

(Compiled by Daniel Friedman. Background reporting, News24 Wire.) 

For more news your way, download The Citizen’s app for iOS and Android.