Death Kitty Ransomware that targeted South African Port Transnet has disrupted the networks, forcing the company to declare Force Majeure at Container Terminals and Cargo shifting, forcing the staff to switch to manual paper and pen work.
According to a report, CrowdStrike Holdings Inc has confirmed that the malware that hit the South African port was the ransomware strain known as Death Kitty, Hello Kitty or Five Hands. And the said strain also hit Poland-based video game producer CD Projekt and SonicWall Products early this year.
Reports are in that the port survived the attack and returned to normalcy from Wednesday this week and reports are in that TransNet did not pay a single penny as Ransom to those who induced file encrypting malware in to the network…..that’s superb news!
Coming to BlackMatter Ransomware strain, a Cybersecurity firm named Recorded Future has offered some intelligence related to the malware.
It was discovered that the said ransomware gang only targets corporate networks that have a minimum 500 to 15,000 hosts on a network and have an annual revenue earnings of $100 million, and operate in the US, UK and Canada and Australian regions.
Interestingly, the gang only targets firms that are in a position to pay $100,000(similar to REvil and DarkSide ransomware group demands) and targets operating systems and architecture that include Linux, Windows, VMware, and Network Attached Storage (NAS) produced by Synology, FreeNAS, OpenMediaVault, and TrueNAS.
Good news is that the said file encrypting gang never attacks hospitals, firms belonging to defense industry, nuclear power plants, water utilities, oil and gas supply firms, non-profit organizations and federal agencies. And in case any of the firms from the specified industries get infected, then the BlackMatter Ransomware group is ready to decrypt their database for free.