State-owned bank in South Africa confirms ‘Akira’ ransomware attack

The Development Bank of Southern Africa said Monday that it was hit with a ransomware attack, adding that servers, logfiles and documents were encrypted by the Akira gang last month.

In a statement, the state-owned bank said the attack began around May 21 and that the gang threatened to publish stolen information if an undisclosed ransom was not paid.

The bank is a development finance institution that invests in infrastructure projects and educational efforts. It has an annual net income of about $122 million and more than 600 employees.

“Upon becoming aware of the Incident, the DBSA immediately conducted an investigation and determined that” information including business names, the names of directors and shareholders, addresses, identification documents, and contact information including phone numbers and email addresses “may have been unlawfully accessed or acquired by the threat actor,” the bank said.

Many of the documents also had details of commercial or employment relationships with DBSA and financial information of stakeholders.

The bank’s investigation into the incident is ongoing but it warned that hackers may “attempt to impersonate stakeholders using the compromised Personal Information.”

“As a result, DBSA encourages stakeholders to remain vigilant and alert to any evidence that their Personal Information is being used incorrectly, and take care to identify any unauthorized actions as they relate to your Personal Information,” the bank explained.

The South African news organization DispatchLive reported that the bank sent an email to all employees on Monday confirming that employee information was involved in the data breach.

Several South African law enforcement agencies and regulators are involved in the investigation and the bank has hired a forensic investigator to monitor for leaked information appearing on the dark web.

Since the attack occurred, the company has been able to restore its IT environment and remove the ransomware group from its systems, it said.

The bank said the Akira ransomware gang that issued the ransom is based in Russia. The gang has attacked dozens of businesses and schools since emerging in March, demanding ransoms from $200,000 to millions of dollars. Akira also offers victims lower ransoms if data theft — and not encryption — was involved in the attack.