Transnet Suffers Ransomware Attack, Halts Port Operations

The real world consequences of crippling cyberattacks has been demonstrated after a South African state run entity halted its operations after being attacked last week.

Transnet Port Terminals (TPT) declared force majeure on Monday following the ongoing fallout from a cyberattack last week which hit the entire Transnet group.

TPT is part of Transnet, South Africa’s state-run ports operator and freight rail monopoly, and by declaring force majeure (which is an unanticipated or uncontrollable event that releases a company from fulfilling contractual obligations), it means that the importing of goods by sea containers into South Africa has been halted.

This declaration of force majeure is a contractual clause that means Transnet has absolved itself of any liability for not being able to provide promised services to its clients due to an “act of God”.

Business Insider reported that ships are already starting to bypass South African ports and heading to neighbouring countries instead.

South Africa is the most developed economy on the African continent, but most of its state run institutions have been mired in corruption and mismanagement allegations in recent years.

Indeed, the country was rocked a couple of weeks ago by widespread rioting and looting following the jailing of former President Jacob Zuma for contempt of court for defying a court order to give evidence at an inquiry into corruption during his nine years in power.

The cyberattack reportedly took place on 22 July, and TPT initially declared it as a “disruption on its IT network”.

But during TPT’s confidential force majeure letter to its customers on Monday, the entity confirmed that it was “an act of cyberattack, security intrusion and sabotage”.

Transnet Port Terminals container terminals in the Ports of Durban, Ngqura, Port Elizabeth and Cape Town have halted the importing of containers.

Liability evasion?

The declaration of force majeure has been questioned by security experts, who said it doesn’t send out the right message to customers and looks like the entity is trying to avoid accountability.

“Claiming force majeure removes liability of a cyberattack, and this could be seen as an attempt at removing responsibility,” said Jake Moore, cybersecurity specialist at ESET. “This may be a way to shield any claims or reimbursement, but shirking accountability after originally trying to downplay the magnitude of the attack doesn’t send out the right message to customers or other organisations.”

“Companies need to be far more open in their actions as we move to a time where cyberattacks are becoming inevitable,” said Moore. “It is far more admirable to be honest from the outset and make people aware of the situation.”

“Until laws are changed to make such procedures uniform, we may continue to see organisations try to reduce their personal impact of an attack by dumbing it down, but this can make outcomes far worse down the line,” said Moore.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Tesla Reaches $1 Trillion Valuation

Car maker Tesla now worth at least double that of Toyota, Volkswagen and Ford combined,…

1 hour ago

Australia Funds Telstra Buy Of Digicel Pacific To Thwart China

Strategic blocking? Australian government joins forces with Telstra to acquire Digicel Pacific, after interest from…

2 hours ago

Apple ‘Very Likely’ To Face DoJ Antitrust Lawsuit – Report

Two year investigation by Department of Justice of tech giants has seen acceleration of Apple…

3 hours ago

France Holds Secret Talks With Israel Over NSO Spyware

Top adviser to French President holds talks with Israeli counterpart to discuss NSO spyware allegedly…

4 hours ago

Facebook Making Online Hate Worse, Whistleblower Tells MPs

Frances Haugen answered questions from the UK parliament's Joint Committee on Monday, after cache of…

6 hours ago

Silicon UK In Focus Podcast: Women In Tech

Today we are speaking to Joanne Thurlow, Head of IT for Siemens Energy, Industrial Application…

7 hours ago