South African state-owned DBSA confirms ransomware attack by Akira Group

The Development Bank of Southern Africa (DBSA), a prominent government-owned African Development Finance Institution, has officially confirmed that it fell victim to a ransomware attack orchestrated by the Akira group. The attack, which occurred in May, resulted in the encryption of the bank’s servers, log files, and documents.

According to a statement released by the bank, the attack commenced around May 21, and the Akira ransomware gang believed to be based in Russia, threatened to expose stolen information unless an undisclosed ransom was paid.

Upon discovering the incident, DBSA immediately initiated an investigation, which revealed that sensitive data, including business names, director and shareholder names, addresses, identification documents, and contact information such as phone numbers and email addresses, may have been unlawfully accessed or acquired by the threat actors.

The compromised documents also contained details related to commercial and employment relationships with DBSA, as well as financial information of stakeholders. In an email to all employees, the bank confirmed that employee information was involved in the data breach.

While the investigation into the incident is ongoing, DBSA cautioned that hackers might attempt to exploit the compromised personal information to impersonate stakeholders. Consequently, the bank urged stakeholders to remain vigilant and report any signs of incorrect use of their personal information while taking necessary precautions to identify unauthorized actions related to their data.

Multiple South African law enforcement agencies and regulators are involved in the investigation. DBSA has also enlisted the services of a forensic investigator to monitor the dark web for any potential leakage of sensitive information. The bank reassured stakeholders that its IT environment had been restored and the ransomware group had been successfully removed from its systems.

As a development finance institution dedicated to infrastructure projects and educational initiatives, DBSA plays a crucial role in South Africa. With an annual net income exceeding $122 million and a workforce of over 600 employees, the impact of this ransomware attack raises concerns regarding data security and potential ramifications for the stakeholders involved.