Sibanye-Stillwater Hit by RansomHouse Ransomware Attack

Incident Date: Jul 22, 2024

Attack Overview

Victim: Sibanye-Stillwater
Industry: Minerals & Mining
Location: South Africa
Attacker: RansomHouse
First Reported: July 22, 2024

RansomHouse Ransomware Attack on Sibanye-Stillwater

Overview of Sibanye-Stillwater

Sibanye-Stillwater is a multinational mining and metals processing company headquartered in Roodepoort, Gauteng, South Africa. The company is a leading producer of precious metals, including platinum group metals (PGMs) such as platinum, palladium, and rhodium, as well as gold. With operations spanning five continents, Sibanye-Stillwater employs approximately 82,788 individuals and reported a revenue of around $5.2 billion for the fiscal year 2023. The company is also involved in the extraction and processing of other commodities like copper, nickel, and lithium, and has a strong focus on sustainability and recycling initiatives.

Details of the Ransomware Attack

On July 11, 2023, Sibanye-Stillwater fell victim to a ransomware attack orchestrated by the RansomHouse group. The attack disrupted operations at the company's mining facilities in Montana, particularly affecting automated systems. Initially, the impact was believed to be limited to payroll systems, but it was later revealed that the Columbus smelter operations were also compromised. Despite these challenges, employees at the Columbus facility continued their work, and core operations remained largely unaffected.

The attack led to temporary system outages, prompting the company to switch to manual backup processes. Sibanye-Stillwater delayed the release of its half-year financial results by two weeks; the release is now scheduled for September 12. The company promptly reported the incident to regulators and took swift action to contain the threat, isolate affected systems, and safeguard its data. The investigation into the attack is ongoing as efforts continue to achieve complete recovery.

About RansomHouse

RansomHouse is a data extortion group that emerged in late 2021. Unlike traditional ransomware groups, RansomHouse does not encrypt files but instead gains access to corporate networks, steals data, and threatens to leak the stolen data publicly if the victim does not pay a ransom. The group markets itself as a "professional mediators community" aiming to "minimize the damage" and "bring conflicting parties together." However, their actions are still considered an extortion scheme.

RansomHouse has been linked to collaboration with other ransomware groups such as White Rabbit and Hive. The group exploits vulnerabilities, steals data, and maintains a data leak site to pressure victims into paying. It has targeted a wide range of industries, focusing on manufacturing, finance, and small businesses in North America and Europe.

Potential Vulnerabilities

Sibanye-Stillwater's extensive and diverse operations, coupled with its reliance on automated systems, make it a prime target for cyberattacks. The company's significant presence in the mining sector and its role as a major producer of precious metals add to its attractiveness as a target for threat actors like RansomHouse.
