A ransomware attack has targeted South Africa, adding to the nation’s already turbulent situation following a tragic fire in Johannesburg that claimed the lives of at least 77 people, including seven children. The attack was claimed by the Snatch ransomware gang, who have reportedly removed South Africa from their dark web blog.
The South African parliament has initiated an investigation into the Johannesburg fire, expressing its commitment to conducting a thorough inquiry into the incident. However, the exact cause of the fire remains uncertain, leaving the community in a state of shock and mourning.
In their latest message, the Snatch ransomware gang addressed South Africa’s President Cyril Ramaphosa and blamed him for the tragic fire. The group expressed their condolences for the victims but accused the government of prioritizing resources for suppressing their activities rather than assisting the victims. They issued an ultimatum to President Ramaphosa, stating that if he helps the people affected by the tragedy, they will remove everything related to South Africa from their blog.
This ransomware attack is not the first time the Snatch gang has made headlines. They have previously targeted South Africa’s Department of Defence, using the notorious “double extortion” method which combines ransomware with data-stealing components. The group exploited the lack of endpoint protection mechanisms on many Windows computers through brute force attacks against vulnerable applications.
In their Telegram post, the Snatch gang made grave accusations against President Ramaphosa, alleging money laundering through the US-owned company DARPA and claiming that South Africa operates as a satellite of the USA. The cybercriminals further escalated the cyber conflict by leaking private contact details of President Ramaphosa, military colonels, and details of nearly every top government minister.
Efforts by the South African government to counter the ransomware attack, including a 12-hour-long DDoS attack on the Snatch gang’s website, proved unsuccessful. As a result, classified data remains accessible to the public, raising concerns about the extent of sensitive information compromised.
South Africa now faces a double crisis—the aftermath of a devastating tragedy and the relentless ransomware attack. The government must address both fronts and urgently address the vulnerabilities exposed by the Snatch gang. This situation demands immediate attention to protect sensitive information and prevent further damage.
Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.