South African Banks Hit By Cyberattacks, Hackers Demand Ransom In Bitcoin

Written by Peter Pedroncelli
A wave of distributed-denial-of-service attacks hit South African banks recently, with the perpetrators demanding a ransom in Bitcoin. Image – AP Photo – Pavel Golovkin

Several South African banks were hit by a wave of cyberattacks between Oct. 23 and Oct. 25, and the perpetrators demanded a ransom in cryptocurrency to stop the attacks.

Hackers tried to crash the banks’ websites by overwhelming them with massive amounts of fake traffic or digital requests — a strategy known as a distributed-denial-of-service attack.

The wave of distributed-denial-of-service attacks targeted services across multiple banks starting on Wednesday. The perpetrators demanded payment of two bitcoin, worth around $15,000, by Monday, Oct. 28, according to IOL.

Banks including Standard Bank, Absa, FNB, Nedbank and Capitec were targeted by unknown cybercriminals.

China was the top source of distributed-denial-of-service attacks for the first quarter of 2019, according to a report by security provider Nexusguard.

The timing of the attacks on the South African banks is significant. The end of the month typically coincides with the time when many South Africans are paid their monthly salaries and need to access banking infrastructure to withdraw money or pay bills online.

The attacks started with a ransom note delivered via email to unattended as well as staff email addresses, according to Fin24.

“Threat intelligence which has surfaced has revealed that this is a multi-jurisdictional attack with entities from several countries being targeted and should therefore not be viewed as a targeted attack on South African companies only,” the South African Banking Risk Information Center said in a statement.

The banks said that there was no security breach involved in the attacks and no customer data was compromised.

Cybercrimes cost African economies an estimated $3.5 billion in 2017. South Africa loses around $157 million annually to cyberattacks, according to the South African Banking Risk Information Center.

A rise in cyberattacks in Africa is attributed to vulnerable systems and lax cybersecurity practices. African banking systems are low-hanging fruit for cybercriminals, according to TandFonline.

African countries have attempted to strengthen their defenses against cybercrime by improving regulatory frameworks and launching cybersecurity systems to combat such attacks.

Distributed-denial-of-service attacks are common throughout the world. The top targeted countries include the U.S., U.K., and Japan, according to research from Imperva.

U.S. and U.K. banks have been targeted with major denial-of-service attacks in the past.

Between 2011 and 2012, Iranian hackers were behind the denial-of-service attacks on 46 major U.S. financial institutions and corporations including Bank of America, JPMorgan Chase, the New York Stock Exchange, and Nasdaq.

In 2017, seven of the U.K.’s biggest banks were forced to reduce operations or shut down entire systems following distributed-denial-of-service attacks, the Financial Times reported.

Johannesburg’s network compromised

While the denial-of-service attacks on the banks were under way, a group calling itself the Shadow Kill Hackers demanded a bitcoin ransom on Thursday after breaching the Johannesburg local government network, Biznews reported.

In a message on Twitter, the city said it had detected a network breach and unauthorized access to its information systems.

The hackers demanded a payment of two Bitcoin, worth around $30,000, by 5 p.m. on Monday, Oct. 28 South African time, according to News24. The cybercriminals threatened to upload all the data they had allegedly stolen onto the internet if the payment was not made.

The city of Johannesburg responded to the cyberattack by shutting down its website and all e-services, according to TimesLive.

Shadow Kill Hackers, the group that claimed responsibility for the attack on Johannesburg’s computer systems, said it was not involved with the attack on South African banks.

Multiple city employees were sent the ransom note, which reads: “All your servers and data have been hacked. We have dozens of back doors inside your city. We have control of everything in your city. We also compromised all passwords and sensitive data such as finance and personal population information.”