South African port operator Transnet said on Tuesday that operations at its crippled container terminals are gradually being restored after being shut down by a cyber-attack on 22 July.

A force majeure declared on Monday remains in effect until Friday, although it could be lifted earlier.

The cyber-attack hit Transnet's port and rail IT infrastructure, including cargo tracking, leaving terminal operators in the dark, unable to locate containers and determine what they were carrying.

Transnet Port Terminals (TPT), the state-owned logistics and port company’s division that operates the country’s container terminals, said the force majeure covered the ports of Durban, Ngqura, Port Elizabeth and Cape Town.

The bulk handling ports of Richards Bay and Saldanha were unaffected.

“Transnet, including Transnet Port Terminals, experienced an act of cyber-attack, security intrusion and sabotage, which resulted in the disruption of TPT normal processes and functions or the destruction or damage of equipment or information,” the operator said.

On Tuesday, as queues of containerships outside the ports grew longer, and ships diverted to Maputo or dropped their calls in Southern Africa entirely, Transnet said that ports and container terminals were gradually creaking back to life.

The company said it made significant progress in restoring its computer systems, most of which were up and running by Monday.

“The terminals are berthing vessels as planned and facilitating loading and discharge operations with the shipping lines," Transnet said.

"We will continue to work directly with shipping lines in order to facilitate maximum import evacuation and further exports planned for future vessels.

"It is expected that some applications may continue to run slowly over the next few days, while monitoring continues. All operating systems will be brought back in a staggered manner, to minimise further risks and interruptions."

Exports crippled

Durban handles 60% of South Africa's containerised imports and exports. Transnet said operations in the port were gradually resuming on Tuesday. Photo: Jonathan Boonzaier

The cyber-attack’s prolonged impact on container terminal operations deals a further blow to South Africa’s fragile economic recovery from the Covid-19 pandemic, and comes just after the widespread destruction caused by deadly riots that shuttered businesses in two provinces earlier in July.

It threatens to have a ripple effect on the economies in nearby landlocked countries such as Botswana, Congo, Zambia, Malawi and Zimbabwe, which depend on South Africa’s ports for their imports and exports.

Between January and May, South Africa recorded ZAR 734bn ($50bn) worth of exports, led by sales of vegetables and fruits and mining minerals.

Sellers of time-sensitive perishable agricultural goods like fruit, vegetable and meat are expected to be hit hardest by the port delays.

Pravin Gordhan, South Africa’s minister of public enterprises, told Bloomberg on Tuesday that Durban, which handles 60% of the country’s container traffic, was fully operational again and fruit exports had resumed.

Gordhan said a recovery process was still underway in Cape Town.

Danish shipping giant AP Moller-Maersk, in a statement on its website, advised clients that only refrigerated cargo was being accepted for export, while it did “not have clarity yet on when dry cargo acceptance will open up”.

Gordhan added that a probe into the motive for the attack is still underway.