State-owned port and rail operator Transnet is still reeling from the cyberattack it suffered last week, with movement in and out of SA’s ports at a near standstill and its employees forced to stop working and stay off the company’s digital systems for fear of further leaks of sensitive information. There is also the risk that the majority of Transnet’s more than 55,000 employees will not be paid salaries due on Tuesday.

Last week, Transnet said its IT applications had been compromised, forcing it to shut them down to identify the source of the attack. At various ports and on its rail system, the company had restored to “manual operations”, it said, slowing down its ability to receive and offload containers from ships and trucks.

It is unclear whether or not the cyberattack was part of a ransomware sting. Ransomware attacks have been growing in frequency globally and in South Africa. Typically, hackers gain access to sensitive information, disable systems linked to it, and threaten to make the information public if they are not paid a ransom, usually in hard-to-trace blockchain currencies or digital tokens.

In an internal email sent to Transnet employees on Monday, Transnet said the attack was “unprecedented” and had brought the company to a standstill.

The email said that all non-operational employees would be required to take leave from Monday until Thursday, and that workers with insufficient annual leave days would have them deducted from their next leave cycle.

“At this juncture, no employee is allowed to access Transnet’s network, E-mail or [Microsoft] Teams applications, or any other systems like SAP HCM, where all employee data is stored and maintained and the platform that we use to pay our employees,” read the email sent to employees by Transnet’s human resources division. 

“As it stands, we have been working relentlessly to ensure that our employees will be paid on Tuesday, 27 July 2021, and to get our systems functioning again.” 

South African Transport and Allied Workers’ Union General Secretary Jack Mazibuko, whose union is one of the major labour representatives at the freight utility, said the company told workers at a meeting on Monday afternoon that it was still trying to resolve the IT situation. 

“We emphasised to them that this must not affect employees’ salaries. They assured us that salaries will be paid tomorrow [Tuesday],” Mazibuko said. 

A Transnet employee, who asked to remain anonymous, said rail and port operators would consider downing tools if they did not receive their salaries, and that there was already panic among employees.

Transnet’s rail operations were disrupted by the unrest and violence that engulfed KwaZulu-Natal and Gauteng two weeks ago, forcing it to temporarily close its Natcor North-South line, which is a vital conduit for fresh produce and minerals. 

The chief executive of the Fresh Produce Exporters’ Forum, Anton Kruger, said the delay at ports would compound the revenue losses for fruit sellers. 

“The cyberattack has a huge impact on the export of fresh produce. The port terminals are not operational and thus no stock could be loaded. It’s peak citrus export season. We have already lost about 12 days, given the KZN unrest coupled with the cyberattack,” Kruger said. 

Gavin Kelly, CEO of the Road Freight Association, said cargo ferried by trucks was also feeling the pinch. 

“This is creating massive delays and creating unreliability of the movement of goods across all modes of transport,” Kelly said. 

“The gates to ports are closed, which means no trucks are moving in either direction. The manual processes being used are also creating problems in terms of operations. Road freight operators already have a huge backlog resulting from last week’s civil unrest.” 

Transnet had not responded to written queries from Business Maverick by the time of publication. DM/BM