South Africa Will Lift Force Majeure at Ports as Operations Resume

South African ports recover from cyberattack — Cape Town's container terminal (South African government photo)

South Africa’s Transnet, which operates the terminals and logistics for the country’s container operations, plans to lift its force majeure declaration effective August 2. The company had been forced to put the declaration in place after its IT systems were crippled by a ransomware cyberattack on July 22. Port operations across South Africa are slowly recovering after having switched to manual operations causing slowdowns and backlogs, which experts say will takes days or weeks to fully recover.

“Transnet believes it is now in a position to service its customers and meet all contractual obligations reliably,” the company wrote in its statement. The terminal operator sought to reassure customers saying that it has managed to restore operations at the ports.

South Africa’s Minister of Public Enterprise, Pravin Gordhan commended Transnet while also providing some more details on the recovery. The minister said the IT security breach occurred on the morning of July 22. Breakbulk, bulk, automotive, agricultural and mining terminals including iron ore, coal, and manganese had switched entirely to manual operations while much of the container operations were brought to a stop. The systems began coming back online at Durban, the country’s busiest port, on the night of July 27, with the truck booking system coming up the following day.

The ports impacted included not only Durban but also Cape Town, Port Elizabeth, and Ngqura. As of the end of the week, container operations on the Western Cape were fully functional again while on the Eastern Cape operations were working while some IT functions were still being restored.

The Port of Cape Town reported that it had only been able to handle 2,760 containers all week down from more than 2,000 per day. On July 29, they reported only 135 containers were moved and only 25 reefers while 400 import containers were also received. They estimated that more than 10,000 containers have been delayed.

During the outage, three vessels remained on berth that should have been able to complete their operations in Cape Town while six additional boxships were waiting in the anchorage delayed on reaching the terminal. Two vessels also chose to bypass Cape Town because of the backlog.

Bloomberg is reported that the ransomware attack was the well-known “Death Kitty” or “Hello Kitty” that has been linked to other high-profile cyberattacks. They said it was likely carried out by criminal gangs from Eastern Europe and Russia. They reported seeing screen messages instructing Transnet on how to begin negotiations to retrieve its data.

Minister Gordhan said that they believed from their preliminary assessment of the cyberattack that Transnet and its customer data had not been compromised. However, he said a full investigation was still ongoing into the motive for the attack.

Transnet thanked customers and said that it was working to improve weaknesses identified in its IT system.