Civil Aviation Authority rubbishes ransomware extortion claim

The South African Civil Aviation Authority on Thursday moved to downplay an e-mail in circulation that claims it has been the subject of a ransomware attack, describing the e-mail as “a misrepresentation of facts”.

TechCentral, which has not seen the e-mail in question, broke the news last Friday that servers operated by the SACAA had been down most of last week after management was alerted to suspicious activity on its systems. The agency is probing whether a malicious actor may have been involved.

“On the morning of Monday, 1 July 2019, the SACAA learnt that some of its ICT systems did not launch and operate as per the norm. On closer inspection by the relevant ICT personnel, it was noted that some files had suspicious characteristics, which are regarded as anomalies from an ICT perspective,” authority spokesman Kabelo Ledwaba told TechCentral last week.

“Upon conducting a preliminary investigation, it was decided that some servers should be disconnected from the network in order to address these anomalies.”

In Thursday’s update, Ledwaba said the investigation into the anomalies is continuing.

“What is important to note is that the SACAA immediately executed its business continuity plans, which has thus far yielded positive outcomes,” he said.

“As a result, the SACAA has managed to restore almost all of its services and in the process ensured that the organisation’s ICT system gradually returns to optimum use.”

‘Simply untrue’

He said it is “not prudent” to discuss in detail the ICT security systems of the SACAA in public, “save to say that rumours that the organisation does not have a cybersecurity (plan) in place are simply untrue”.

Addressing the e-mail about a ransomware event, Ledwaba said: “There is an e-mail copy that is being circulated alleging that the SACAA is in talks with unknown individual(s) demanding a ransom payment. This is a misrepresentation of facts, as the organisation continually receives such … phishing e-mails and spoofs, which are dealt with accordingly by the organisation through its ICT team. So, it is not the first time that such an e-mail had been sent to one or more of our employees.”

The SACAA is a public entity established in 1998 and is charged with promoting, regulating and enforcing civil aviation safety and security. It is an agency of the national department of transport. — (c) 2019 NewsCentral Media