Ransomware Targeted RSAWeb, a Leading South Africa company

RSAWEB, a fast growing and highly innovative Internet Service Provider with specialisation in Cloud infrastructure, Enterprise Connectivity in south africa got hit by ransomware attack.

An outage that took down RSAWeb’s whole network on 1 February, including its fibre, mobile, hosting, VoIP, and PBX services, was a “highly sophisticated cyberattack”.

RSAWeb informed its largest enterprise clients last week that they had been hit with a ransomware attack and their team is working on decrypting customers’ data, and they didn’t want to do or say something publicly that could compromise that effort.

Van Staden said the attack particularly impacted their cloud and shared hosting customers.

“Given the sophisticated nature of this attack, the recovery process is highly complex,” he said.

“We are currently in the process of restoring these services and expect to have the majority of these customers restored within the next 24 hours, with the remainder thereafter.”

He said they had restored services to their Fibre to the Home (FTTH), Fibre to the Business (FTTB), MPLS, VolP, and Mobile APN customers.

In his letter to fibre customers, Van Staden said they restored most customers’ FTTH and FTTB services within 24 hours.

“Our team worked around the clock to assist our remaining customers to reconfigure their settings and get back online.”

Van Staden mentioned, “This attack is part of a campaign that has victimised many other businesses both in South Africa and globally.”

He said they don’t believe customer or employee data was accessed or misused due to the attack.

“The relevant authorities have been informed, and we have also engaged independent professional cybersecurity advisors.”

Dr Zakir Hussain, Security Advisor mentioned that Cybersecurity agencies worldwide issued notices last week about attackers actively targeting unpatched VMware ESXi servers and RSAweb joined victim list.

The attackers are exploiting a security flaw tracked as CVE–2021–21974.

This is a two-year-old remote code execution vulnerability that involves triggering a a heap overflow in the OpenSLP service.

“A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution,” the CVE’s description states.

Flash News

Suchana Seth, Mindful AI Lab, AI Startup CEO arrested for allegedly killing her four-year-old son

IPS officer Shahnawaz Qasim appointed as secretary to Telangana CM

The Philadelphia Inquirer got attacked by Cuba Ransomware Gang

Ooredoo tv adds five new channels

Qatar Aiways, Hamad International Airport (HIA) are joined Expo 2023 Doha official partners List

Ethical Hackers arrested after exposing FreeHour security flaw

Vijayalakshmi R appointed as Chief Human Capital Officer (CHRO), TRIANZ.

SNB appoints Saeed Mohammed Al-Ghamdi as new chairman

First Citizens Bank to acquire Silicon Valley Bank

Malaysia added Extra 12 RFID lanes to PLUS toll plazas