Ransomware and force majeure at South African ports.
The South African ports of Cape Town and Durban a week ago this past Thursday disclosed that operations had been disrupted by an unspecified cyberattack, Reuters reports. According to IOL, the disruptions appear to be connected to problems at Johannesburg-based and state-owned intermodal transportation company Transnet, with road transportation to the port of Durban also seeing the effects of the attack. Splash 24/7 says that Transnet has identified and isolated the source of the incident, but that it's released no details of the cyberattack itself. Services are resuming manually, with priority going to refrigerated containers.
Moneyweb reports that South Africa's Transnet has declared force majeure (and thus claimed relief from liability) in a letter to its customers, acknowledging that what was initially described as "disruption on an IT network" amounted to “an act of cyber-attack, security intrusion and sabotage.” The letter explains, “Investigators are currently determining the exact source of the cause of compromise and extent of the ICT data security breach/sabotage. Transnet is implementing all available and reasonable mitigation measures to limit the impact of this compromise." According to Bloomberg, operations at South Africa's six major container ports have been disrupted.
By Wednesday Reuters had reported that South Africa's Ministry of Public Enterprises had announced that service is being restored at ports operated by the state-owned logistics organization Transnet. The ports of Durban, Ngqura, Port Elizabeth and Cape Town were all affected by ransomware. Durban is fully operational; Eastern Cape ports are expected to return to normal capacity soon. The condition of force majeure should be lifted soon.