Picture: 123RF/Igor Stevanovic
Picture: 123RF/Igor Stevanovic

The SA Banking Risk Information Centre (Sabric) confirmed on Friday that the banking industry has been hit by a wave of ransom-driven attacks to bring down online services, but says it has not involved hacking or a data breach.

It said the distributed denial-of-service (DDoS) attacks, which render a site or online service unavailable by flooding it with fake traffic, happened on Wednesday targeting various public-facing services across multiple banks, it said.

The attacks started with a ransom note, which was delivered via e-mail to both unattended as well as staff e-mail addresses, all of which were publicly available.

Sabric said threat intelligence, which had surfaced, showed that this was a multi-jurisdictional attack with entities from several countries being targeted and should therefore not be viewed as a targeted attack on SA companies only.

Because the attacks did not involving hacking or a data breach, customer data was not at risk, Sabric said. It did, however, involve increased traffic on networks necessary to access public facing services which may cause minor disruptions.

The City of Johannesburg reported a breach of its network on Thursday night and shut down its website and all e-services, hours after receiving a bitcoin ransom note from a group called the Shadow Kill Hackers.

In a message on Twitter, the city said it had “detected a network breach, which resulted in an unauthorised access to our information systems”. 

This was after several city employees received the ransom note, which reads: “All your servers and data have been hacked. We have dozens of back doors inside your city. We have control of everything in your city. We also compromised all passwords and sensitive data such as finance and personal population information.”

The hackers then demanded the payment of four bitcoin by October 28 at 5pm, failing which they would upload all the data onto the internet.

Both Standard Bank and Absa informed customers on Thursday of the internet problem, but at least five banks are believed to be affected.

On Friday, Standard Bank said the cause of the service disruption was due to an internal hardware issue that impacted on some of the customer facing services that it offered its clients.

“The service disruption was not related to any external factors. No customer data or customer information was impacted,” the bank said.

Absa said it did not experience the incident reported by the city of Johannesburg.

“We do experience adverse cyber incidents of some form or another on a regular basis, and these are dealt with in the normal course. To date, we have not experienced an instance where the bank's own and customer information protection systems were breached,” spokesperson Phumza Macanda said.

She said the bank had informed customers of technical difficulties that affected internet banking services for a brief period, which arose from a DDoS attack, not a hack.

Sabric said defensive strategies had been invoked across the industry and it was confident that the effects on customers would be kept to a minimum.

“Despite our banks preparedness and resilience, we will continue to monitor this situation very closely and respond as required,”  Sabric acting CEO Susan Potgieter said.

quintalg@businesslive.co.za