The City of Johannesburg has experienced a cyber attack and they had to shut down all electronic services, including their website, for a period of 24 hours. Whereas the city has been through such attacks before, the hackers are demanding the ransom to be paid in Bitcoin.
Johannesburg Under Cyber Attack
The announcement from the City of Johannesburg came late on Thursday night, informing in an official tweet that there has been a breach of its network. The statement reassured its citizens that the necessary countermeasures are being taken and the 24-hour shut down of their website and all e-services is just as a precaution:
The incident is currently being investigated by the City of Joburg cybersecurity experts, who have taken immediate and appropriate action to reinforce security measures to mitigate any potential impacts. As a result of several customer-facing systems – including the city’s website, e-services, billing system – have been shut down as a precaution.
Interestingly enough, before the tweet was published, several city employees had reported receiving ransom notes:
All your servers and data have been hacked. We have dozens of back doors inside your city. We have control of everything in your city. We also compromised all passwords and sensitive data such as finance and personal population information.
Reportedly, the attack was executed by a group called Shadow Kill Hackers and they have requested a ransom in the form of the 4 bitcoins. As the value of 1 bitcoin is $7,500 at the time of this writing, the total ransom equals $30,000 and it has to be paid by the 28th of October.
The attack might have hit banks as well, with Absa and Standard Bank informing their customers about internet problems with their systems. However, both have reported that the issues have been fixed.
Previous Cyber Attacks
Unfortunately, the city of Johannesburg is no stranger to such ransomware attacks. A hacker encrypts files on any computer (or whole city system, in this case) and the ransom is requested usually in cryptocurrency. If the ransom is paid, then the decryption key is provided, thus resolving the hack. However, that’s rarely the case.
Back in July, another attack took out the power servers and some residents were left without electricity for hours. Spokesperson Isaac Mangena said then that the city will not be paying the ransom “as a matter of principles.” In a matter of hours, the city had said that most affected networks have been cleaned and restored.
Reportedly, South Africans lose R2.2 billion per year to such attacks but the losses are more than just financial. The head of Dialdirect Insurance explains that on average, each victim spends around 2 working days to deal with the aftermath of the attack. Most commonly, bogus emails are used to trick individuals to reveal personal data.