The South African city of Johannesburg has experienced a cyber attack, and it has shut down all electronic services, including its website, for a period of 24 hours. Whereas the city has been through such attacks before, the hackers are demanding the ransom to be paid in Bitcoin.
Johannesburg’s announcement came late Thursday night in a tweet stating that there had been a breach of its network. The statement reassured its citizens that necessary countermeasures were being taken and that the 24-hour shutdown of its website and all e-services was just “a precaution”:
The incident is currently being investigated by the City of Joburg cybersecurity experts, who have taken immediate and appropriate action to reinforce security measures to mitigate any potential impacts. As a result of several customer-facing systems – including the city’s website, e-services, billing system – have been shut down as a precaution.
Interestingly enough, before the tweet was published, several city employees had reported receiving the following ransom note:
All your servers and data have been hacked. We have dozens of back doors inside your city. We have control of everything in your city. We also compromised all passwords and sensitive data such as finance and personal population information.
The attack was reportedly executed by a group called Shadow Kill Hackers, and they have demanded a ransom in the form of 4 bitcoins by October 28. As the value of 1 bitcoin is $7,500 at the time of this writing, the total ransom is worth $30,000.
The attack might have hit banks as well, with Absa and Standard Bank informing customers of internet-related problems with their systems. However, both institutions have reported that the issues were fixed.
Unfortunately, the city of Johannesburg is no stranger to ransomware attacks. Typically, a hacker encrypts files on a computer (or an entire city system, in this case) and a ransom is requested, usually in cryptocurrency. If the ransom is paid, then a decryption key is provided, thus resolving the hack. However, such ransoms are rarely paid.
Back in July, another attack took out the city’s power servers, and some residents were left without electricity for hours. Spokesperson Isaac Mangena said then that the city would not be paying the ransom “as a matter of principles.” In just a few hours, the city said that most affected networks had been cleaned and restored.
South Africans reportedly lose R2.2 billion per year to such attacks, but the losses are more than just financial. According to the head of Dialdirect Insurance, each victim on average spends around 2 working days to deal with the aftermath of an attack. Most commonly, bogus emails are used to trick individuals into revealing personal data.