The City of Johannesburg Hit by Ransomware Attack

cyber security professional

The city of Johannesburg municipality has been hit by a ransomware attack and shut down all of its e-services and the billing systems.

On Thursday night the city of Johannesburg detected a breach in its network after receiving a bitcoin ransom note from a group called shadow kill hackers’.

“All your servers and data have been hacked. We have dozens of back doors inside your city. We have control of everything in your city. We also compromised all passwords and sensitive data such as finance and personal information.” the ransom note said. The city’s official Twitter account later confirmed the breach.

After group by the name ‘shadow kill hackers’ demand four bitcoins (around $30,493) in their ransom note which states to pay before October 28, 5 pm local time failing will upload the city’s sensitive information on the internet. Till now, the city of Johannesburg did not pay the ransom as there are no transactions available for the attacker-controlled BTC address.

The city has shut down its website and all digital services for 24 hours as soon as several city employees received a ransom note from the threat group.

Several customer-facing systems such as payment portals, services, billing system have been shut down as a precaution. Emergency calls have diverted to the Provincial Call Centre (112)

Daily Maverick reported that one of the staff members of City’s customer walk-in centres in Randburg said staff came in on Friday morning (25 October 2019) and were told: “not to touch any of the computers.”

“However, we have to stay here because we were told that the system could come back online at any moment,” the staff told Daily Maverick.

“Just because they have only got into the server with the ‘user-friendly’ access it just means they won’t be able to change any of the core files,” Oxford told Daily Maverick.

It is still unknown about how the attack happened and what information may be compromised.

It is the second time in the past four months Johannesburg attacked by ransomware. A virus hit in July that restricted the ability of customers to buy electricity online.

For the latest cyber threats and the latest hacking news please follow us on FacebookLinkedin, and Twitter.

You may be interested in reading: Click2Mail Suffers Data Breach


Please rate this content