Police and external experts are investigating the intrusion into the network of South Africa's main agricultural bank.
The Agricultural Development Bank of South Africa (ADB) has found itself at the center of a cyber incident, the consequences of which are still being investigated by experts. The organization confirmed an attack on its internal IT systems but declined to disclose details about possible ransom demands or the status of negotiations with the attackers.
An outage affecting some internal services was detected on January 12. After the problem was discovered, the infrastructure was partially disconnected from the network to preserve data and ensure operational continuity. The bank later reported that a third-party group had gained access, launched ransomware , and blocked part of the server environment.
Reports of a ransom demand of approximately 50 million rand appeared in the press . Bank representatives neither confirmed nor denied these reports. Management explained the refusal by saying that such information is not disclosed during forensic investigations and interactions with law enforcement.
According to internal information, following the attack, employees' work laptops were temporarily confiscated and replaced. The bank explained that the equipment had been fully scanned and wiped. This step was described as a standard incident containment and workstation check.
A preliminary analysis revealed that the attackers had access to a limited amount of internal data. No signs of a customer data leak or interference with core banking systems have yet been detected. The investigation is ongoing, and final conclusions have not been reached.
The police and relevant regulators were notified of the incident. An external information security team and major IT contractors were brought in to assist with the investigation. They were tasked with identifying the method of intrusion and strengthening the infrastructure's security.
Industry representatives note that the attack's pattern is similar to typical ransomware operations . In such cases, attackers often not only lock down systems but also copy data to exert additional pressure. They also frequently attempt to delete backups to complicate recovery.
Similar incidents have occurred at this bank before. In 2010, criminals attempted to withdraw a large sum using stolen credentials, but the suspicious transfers were promptly detected by a partner financial institution, and the bulk of the funds were saved.
The Agricultural Development Bank of South Africa (ADB) has found itself at the center of a cyber incident, the consequences of which are still being investigated by experts. The organization confirmed an attack on its internal IT systems but declined to disclose details about possible ransom demands or the status of negotiations with the attackers.
An outage affecting some internal services was detected on January 12. After the problem was discovered, the infrastructure was partially disconnected from the network to preserve data and ensure operational continuity. The bank later reported that a third-party group had gained access, launched ransomware , and blocked part of the server environment.
Reports of a ransom demand of approximately 50 million rand appeared in the press . Bank representatives neither confirmed nor denied these reports. Management explained the refusal by saying that such information is not disclosed during forensic investigations and interactions with law enforcement.
According to internal information, following the attack, employees' work laptops were temporarily confiscated and replaced. The bank explained that the equipment had been fully scanned and wiped. This step was described as a standard incident containment and workstation check.
A preliminary analysis revealed that the attackers had access to a limited amount of internal data. No signs of a customer data leak or interference with core banking systems have yet been detected. The investigation is ongoing, and final conclusions have not been reached.
The police and relevant regulators were notified of the incident. An external information security team and major IT contractors were brought in to assist with the investigation. They were tasked with identifying the method of intrusion and strengthening the infrastructure's security.
Industry representatives note that the attack's pattern is similar to typical ransomware operations . In such cases, attackers often not only lock down systems but also copy data to exert additional pressure. They also frequently attempt to delete backups to complicate recovery.
Similar incidents have occurred at this bank before. In 2010, criminals attempted to withdraw a large sum using stolen credentials, but the suspicious transfers were promptly detected by a partner financial institution, and the bulk of the funds were saved.
