• Home
  • /
  • Telecoms
  • /
  • RSAWeb battles to restore services after cyber attack

RSAWeb battles to restore services after cyber attack

Staff Writer
By Staff Writer, ITWeb
Johannesburg, 07 Feb 2023

Internet service provider RSAWeb is still battling to restore full services, a week after being hit by a ransomware cyber attack.

The security breach prompted it to shut down all its systems, resulting in RSAWeb’s entire network − including its fibre, mobile, hosting, VOIP and PBX services − going offline on 1 February.

A week later, the company has restored fixed-LTE and shared hosting services, while its engineers are still working on reinstating cloud and PBX services.

“RSAWeb engineers continue to prioritise the restore of cloud services,” it said yesterday.

“We will continue to provide regular updates as they become available. Our SOC [security operations centre] team and onsite field engineers are expediting restoring customer PBX services through remote assistance and onsite visits. Further updates to follow.”

Analysts have warned there will be a continued increase in the sophistication and prevalence of malware attacks this year.

The experts cautioned that due to remote and then hybrid working, and systems moving rapidly to the cloud, new vulnerabilities and fresh attack vectors emerged.

Commenting on the RSAWeb incident, Stephen Osler, co-founder of Nclose, an IT security services and solutions firm, says: “We’ve seen some clients take anywhere between two weeks to months to recover from a devastating cyber or ransomware attack.

“All you can do is hope they [RSAWeb] had air-gapped backups that could be used to restore their systems ASAP.

“A lot of businesses aren't prepared for this kind of attack. In terms of the impact on customers, the downtime has been quite significant.”

Osler says there is also the potential loss of customer data. “Often in these types of ransomware attacks, it’s not just about the encryption of data systems; the attackers could also steal large volumes of data. That is obviously quite alarming, considering the POPI Act.

“It’s unknown whether they [RSAWeb] have received a ransom request. They seem to keep a lot to their chest, as most businesses do.”