South African ports and freight giant Transnet has acknowledged it is facing a major IT incident that has forced the shutdown of container terminals, after its centralised container management system NAVIS was knocked offline. The incident has all the hallmarks of a ransomware attack, although the company has yet to confirm as much. Transet’s websites were all also down as The Stack published.
Trucks were reported queing at Durban port, one of the country’s primary trade arteries after the incident. Transnet runs port infrastructure and marine services at South Africa’s eight major commercial seaports. It is also one of the world’s largest publicly owned heavy rail freight operators and runs a major oil and gas pipeline network across the country. Transnet confirmed it had halted operations at container terminals.
Transnet hacked, sources tell Reuters
“Transnet is currently experiencing a disruption in some of its IT applications, and the source of this problem is being identified”, the company said in a statement shared on Twitter at 11:32 BST.
It added: “All business continuity plans have been activated. Operations across the group are continuing, with the freight rail, pipelines, engineering, and property divisions reporting normal activity.
“Port terminals are operational across the system, with the exception of container terminals, as the NAVIS system on the trucking side has been affected.”
Blaming “inclement weather conditions” for the halt of terminal operations on the country’s Eastern Cape, meanwhile, Transnet said “the ports authority continues to operate and vessels moving in and out of the port are being recorded manually.” Reuters cited three sources as confirming a cyberattack.
The incident caps a torrid few weeks for the company, which was forced to declare force majeure on July 12 — suspending terminal operations in both the ports of Durban and Richards Bay — amid violent protests in the wake of the imprisoning of former president Jacob Zuma. More to follow