Sibanye-Stillwater Hit by RansomHouse Ransomware Attack
Incident Date:
July 22, 2024
Overview
Title
Sibanye-Stillwater Hit by RansomHouse Ransomware Attack
Victim
Sibanye-Stillwater
Attacker
Ransomhouse
Location
First Reported
July 22, 2024
RansomHouse Ransomware Attack on Sibanye-Stillwater
Overview of Sibanye-Stillwater
Sibanye-Stillwater is a multinational mining and metals processing company headquartered in Roodepoort, Gauteng, South Africa. The company is a leading producer of precious metals, including platinum group metals (PGMs) such as platinum, palladium, and rhodium, as well as gold. With operations spanning five continents, Sibanye-Stillwater employs approximately 82,788 individuals and reported a revenue of around $5.2 billion for the fiscal year 2023. The company is also involved in the extraction and processing of other commodities like copper, nickel, and lithium, and has a strong focus on sustainability and recycling initiatives.
Details of the Ransomware Attack
On July 11, 2023, Sibanye-Stillwater fell victim to a ransomware attack orchestrated by the RansomHouse group. The attack disrupted operations at the company's mining facilities in Montana, particularly affecting automated systems. Initially, the impact was believed to be limited to payroll systems, but it was later revealed that the Columbus smelter operations were also compromised. Despite these challenges, employees at the Columbus facility continued their work, and core operations remained largely unaffected.
The attack led to temporary system outages, prompting the company to switch to manual backup processes. Sibanye-Stillwater delayed the release of its half-year financial results by two weeks, now scheduled for September 12. The company promptly reported the incident to regulators and took swift action to contain the threat, isolate affected systems, and safeguard its data. The investigation into the attack is ongoing as efforts continue to achieve complete recovery.
About RansomHouse
RansomHouse is a data extortion group that emerged in late 2021. Unlike traditional ransomware groups, RansomHouse does not encrypt files but instead gains access to corporate networks, steals data, and threatens to leak the stolen data publicly if the victim does not pay a ransom. The group markets itself as a "professional mediators community" aiming to "minimize the damage" and "bring conflicting parties together." However, their actions are still considered an extortion scheme.
RansomHouse has been linked to collaborating with other ransomware groups like White Rabbit and Hive. They exploit vulnerabilities, steal data, and maintain a data leak site to pressure victims into paying. The group has targeted a wide range of industries, focusing on manufacturing, finance, and small businesses in North America and Europe.
Potential Vulnerabilities
Sibanye-Stillwater's extensive and diverse operations, coupled with its reliance on automated systems, make it a prime target for cyberattacks. The company's significant presence in the mining sector and its role as a major producer of precious metals add to its attractiveness as a target for threat actors like RansomHouse.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.