South Africa Department of Defence impacted by ransomware, over 1 terabyte of data stolen
The ransomware group known as SNATCH carried out a cyberattack on South Africa's Department of Defence. Employing a 'double extortion' tactic, SNATCH utilized a malicious payload containing ransomware and data-stealing elements.
The malware initiated brute force attacks against vulnerable applications within the Department. To avoid endpoint protection, the malware forced the targeted computer to reboot into safe mode, since most endpoint protection programs don't start when Windows is running in safe mode.
The group published approximately 1.6 terabytes of stolen data, which includes:
- military contacts,
- internal call-signs,
- private contact information of Cyril Ramaphosa, the president of South Africa,
- private contact information of Military Colonels,
- private contact information of top government ministers.
The total number of impacted individuals is not disclosed.
The South African Government attempted to take down SNATCH's website with a 12-hour-long distributed denial-of-service (DDoS) attack, but the classified data remains accessible to the public.