Container terminal in Cape Town (photo by the South African government)
The South African Transnet, which operates the terminals and logistics for the country’s container operations, plans to lift its force majeure declaration effective August 2nd. The company was forced to make the statement after its IT systems were crippled by a ransomware cyberattack in July 22. Port operations across South Africa are slowly recovering after switching to manual operations, causing slowdowns and backlogs, which experts say it will take days or weeks to fully recover.
“Transnet now sees itself in a position to serve its customers and reliably fulfill all contractual obligations,” says the company’s announcement. The terminal operator tried to reassure customers by saying that it had managed to restore operations in the ports.
South African Public Enterprise Minister Pravin Gordhan praised Transnet and also shared some more details about the recovery. The minister said the IT security breach occurred on the morning of July 22nd. General cargo, bulk cargo, automotive, agricultural and mining terminals, including iron ore, coal and manganese, have switched entirely to manual operations, while much of the container operations have ceased. Systems started going back online on the night of July 27 in Durban, the busiest port in the country, and the truck booking system came the next day.
The ports affected included not only Durban, but also Cape Town, Port Elizabeth and Ngqura. At the end of the week, container operations on the Western Cape were fully operational again, while operations on the Eastern Cape were up and some IT functions were being restored.
The port of Cape Town reported that it could only handle 2,760 containers all week, up from more than 2,000 a day. On July 29, they reported that only 135 containers had been moved and only 25 refrigerated containers transported, while 400 import containers had also arrived. They estimated that more than 10,000 containers were delayed.
During the breakdown, three ships that should have completed their operations in Cape Town remained at the berth, while six more boxships were waiting in the anchorage with a delay when reaching the terminal. Two ships also decided to bypass Cape Town due to the backlog.
Bloomberg reports that the ransomware attack was the well-known “Death Kitty” or “Hello Kitty”, which has been linked to other high profile cyberattacks. They said it was likely carried out by criminal gangs from Eastern Europe and Russia. They reported seeing on-screen messages instructing Transnet how to start negotiations to get their data.
Minister Gordhan said their preliminary assessment of the cyberattack was based on the assumption that Transnet and its customer data had not been compromised. However, he said a full investigation into the motive for the attack is still ongoing.
Transnet thanked its customers and said that it was working to improve the vulnerabilities identified in its IT system.