Following a cyberattack in January, Land Bank’s website is still down, but the bank assures clients that it is open for business via its relationship managers.

By Francois Williams, senior journalist at African Farming and Landbouweekblad 

Land Bank, or the Land and Agricultural Development Bank of South Africa, is continuing its operations as normal. Only its website remains offline. The bank cannot yet say when the website will be back online, nor does it want to release any preliminary findings from the forensic investigation into the cyberattack in early January.

Also read: Land Bank temporarily takes IT systems offline

Rebecca Phalatse, general manager of marketing and communications at Land Bank, said in response to enquiries that the bank’s operations are not dependent on its website, and relationship managers remain available as usual to assist clients.

The website mainly serves as an information platform, she says, and the bank is currently using its social media channels to share information.

Phalatse confirmed that the forensic investigation into the cyberattack is still ongoing, and the bank believes it would not be prudent to disclose any information about the investigation at this stage, as it is in a sensitive phase.

Department Reaffirms Land Bank’s Key Role

The Department of Agriculture confirmed, in response to enquiries, that it is aware of the cyberattack at Land Bank and the efforts to resolve it. Minister of Agriculture John Steenhuisen emphasised that Land Bank remains essential to the agricultural sector, as the department’s blended finance scheme continues to rely on the bank.

Also read: Land Bank CEO Themba Rikhotso steps down

The bank did not respond to questions about whether CEO Themba Rikhotso’s resignation in February was in any way linked to the cyberattack and how it was handled. Questions regarding allegations that hackers demanded R50 million from the bank were also not answered. The bank had previously strongly denied this.

Ransomware Attack Confirmed

On 15 January, Land Bank confirmed that certain of its internal IT systems had been temporarily disrupted, and as a precautionary measure, the affected systems were taken offline to protect the bank’s operations and information.

At present, the bank’s website still indicates that it is temporarily unavailable. Visitors are directed to contact its head office in Pretoria on 012 686 0500. Office hours are listed as Monday to Friday, from 07:30 to 16:00.

Visitors are warned that the cyber incident on 12 January may have involved certain personal information, and that the bank, in terms of the Protection of Personal Information Act (POPI Act), is doing everything in its power to safeguard and secure clients’ information.

The bank confirmed that on 12 January it detected unauthorised activity in parts of its computer systems. Investigations showed that an external party gained access through a vulnerability in an internet-facing server and deployed ransomware that encrypted parts of the bank’s server environment.

According to the bank, early indications suggested that the external party may have accessed or exfiltrated data without authorisation. The attack was carried out by a so-called ransomware-as-a-service group.

When the security breach was discovered, the affected systems were isolated to prevent further unauthorised access, and specialist cybersecurity and forensic experts were brought in.

In line with the POPI Act, the incident was reported to the Information Regulator and the police. Land Bank says it is also engaging with regulatory authorities, including the National Credit Regulator, the Prudential Authority, the Financial Intelligence Centre and the Financial Sector Conduct Authority.

Clients Urged to Take Precautions

The bank has asked clients, as a precautionary measure, to change their passwords and, where possible, enable multi-factor authentication; to monitor their bank accounts carefully for any suspicious transactions; and to remain alert to phishing attempts, where cybercriminals try to trick people into sharing confidential information by pretending to be from a bank, the South African Revenue Service or an employer.

Land Bank’s insurance division has informed clients that it has not changed its banking details, and that all terms, conditions, benefits and obligations relating to their insurance cover remain unchanged.