Ransomware Attack On South Africa Linked To Johannesburg


Following a devastating tragedy in Johannesburg, where a fire claimed the lives of at least 77 people, including seven children, a ransomware attack has targeted South Africa. The tragedy unfolded on August 31, when a catastrophic fire engulfed a five-story building in the city center.

The Snatch ransomware gang has claimed a ransomware attack on South Africa, stirring up an already turbulent situation in the nation. Moreover, the cybercriminals responsible for the ransomware attack have reportedly removed South Africa from their dark web blog.

In the aftermath of the Johannesburg fire, the South African parliament has initiated an investigation, declaring its commitment to conducting a thorough inquiry into the tragic incident.

The exact cause of the fire remains uncertain, leaving the community in a state of shock and mourning.

Ransomware attack on South Africa: Snatch blames Country President 

Ransomware attack on South Africa, Johannesburg Fire Tragedy
Source: Twitter

Previously, the Snatch ransomware gang posted a message on their Telegram channel directly claiming a ransomware attack on South Africa.

In its latest post, the actor addressed South Africa’s President Cyril Ramaphosa.

The group expressed their condolences for the victims of the fire tragedy but then took a sinister turn, accusing the government of prioritizing resources for suppressing their activities rather than assisting the victims.

The Snatch ransomware gang issued an ultimatum to President Ramaphosa: “Help the people affected by this tragedy, and we give our word that as soon as this information is confirmed in the media, we will remove everything related to your country from our blog!”

Prior to this act, the Snatch ransomware gang had already made headlines by launching the ransomware attack on South Africa and infiltrating the computers of South Africa’s Department of Defence.

Employing the notorious “double extortion” method, the group combined ransomware with data-stealing components, posing a grave threat to sensitive government information.

Using brute-force attacks against vulnerable applications, the Snatch ransomware gang exploited the lack of endpoint protection mechanisms on many Windows computers, effectively bypassing built-in malware diagnostics.

In their Telegram post, the group made grave accusations against President Ramaphosa, dubbing him “the main arms baron of the black continent.”

They went on to claim that South Africa operates as a satellite of the USA, alleging money laundering through the US-owned company DARPA, a research and development agency focused on producing cutting-edge military technologies.

Moreover, the group behind the ransomware attack on South Africa further escalated the cyber conflict by leaking private contact details of President Ramaphosa, military colonels, and details of nearly every top government minister.

The post concluded with the ominous hashtag #costofmistake, emphasizing the grave consequences of their actions.

Efforts by the South African government to counter the cyberattack, including a 12-hour-long distributed denial-of-service (DDoS) attack on the Snatch ransomware gang’s website, proved unsuccessful.

As a result, the classified data remains accessible to the public, raising concerns about the extent of sensitive information compromised.

South Africa now faces a double crisis—the aftermath of a devastating tragedy and the relentless ransomware attack on South Africa.

While the government grapples with both fronts, the Snatch ransomware gang has exposed vulnerabilities that demand urgent attention.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.




