The Development Bank of Southern Africa (DBSA) has confirmed that it experienced a ransomware attack by the Akira gang, resulting in the encryption of servers, logfiles, and documents.
The attack, which started around May 21, prompted the gang to threaten the publication of stolen information if an undisclosed ransom was not paid. The state-owned bank, known for its investments in infrastructure projects and educational initiatives, revealed that personal information such as business names, director and shareholder names, addresses, identification documents, and contact details may have been unlawfully accessed or acquired.
DBSA’s ongoing investigation warns that hackers may attempt to impersonate stakeholders using the compromised personal information. The bank has urged stakeholders to remain vigilant and report any unauthorized actions related to their personal information.
DispatchLive, a South African news organization, reported that the bank sent an email to its employees confirming that employee information was involved in the data breach. The incident has attracted the involvement of South African law enforcement agencies and regulators, and the bank has hired a forensic investigator to monitor for leaked information on the dark web.
Although the company has managed to restore its IT environment and remove the Akira ransomware group from its systems, the bank remains concerned about potential data misuse. The Akira gang, believed to be based in Russia, has targeted numerous businesses and schools since March, demanding ransoms ranging from $200,000 to millions of dollars.
Interestingly, Akira offers lower ransoms to victims if data theft, rather than encryption, was the primary focus of the attack. The DBSA’s focus now is on enhancing security measures and safeguarding stakeholder information to prevent further unauthorized access and potential impersonation.
