Key Highlights
- Land Bank rejected a five Bitcoin (about $362,820 ) ransom demand after a cyberattack in January.
- The attackers used ransomware to lock parts of the bank’s servers and employee laptops, but critical systems like ERP, core banking, and CRM were not affected.
- The bank reported the incident to police and regulators, and approved a six-month phased improvement plan.
Land Bank, a South Africa-based bank, has rejected a five Bitcoin ransom demand after a cyberattack in January, making it clear that no payment was made to the attackers.
Finance Minister Enoch Godongwana confirmed that criminals demanded 5 Bitcoin, worth about $362,820 in current rate, in exchange for returning data and not releasing it to the public. The bank refused to give in, according to a local report.
“The Land Bank has taken the decision not to make any ransom payment and confirms that no ransom payment was made,” Godongwana said in a written reply to MK Party MP Adil Nchabeleng.
How the hack happened
The incident started in January when the bank detected unusual activity on its computer systems. Early findings showed that a third party entered the network through a weakness on a server connected to the internet. After getting access, the attackers installed ransomware. This is harmful software that locks systems or files so that users cannot access them unless money is paid.
In this case, part of the bank’s server environment was encrypted. Several employee laptops that were running Microsoft operating systems were also locked.
The group behind the attack was identified as a ransomware-as-a-service operation. This means they provide hacking tools or services to carry out attacks and demand payment toreturn the data or to stop it from being published.
Even though the attack affected some systems, the bank said its most important platforms were safe. Godongwana explained that the enterprise resource planning (ERP), core banking, and customer relationship management (CRM) systems were not accessed.
These systems are important for daily banking work. They were protected because the SAP system operates in a separate technical environment. There was also no sign of unauthorised transactions or any loss of customer money.
Land bank employed more safety measures
As a safety step, the bank temporarily suspended all accounts and transactions. Only payments approved by top executives were allowed during that period. Employee laptops were collected for security checks and cleaning before they were returned for normal use.
The case was reported to the police under the Cybercrimes Act. The bank also notified the Information Regulator, and other relevant authorities. A formal report was also submitted to the Prudential Authority on January 29.
To prevent future attacks, the bank isolated affected systems, removed signs of the breach, patched security gaps, and strengthened firewall settings. In addition, the board has approved a cybersecurity improvement plan that will be carried out in phases over the next six months.
Also Read: Theft Gone Wrong: BC.Game Offers $500K Bounty After Hacker’s $31M ETH Bet Backfires
