
South African capital shuts down operations after massive ransomware attack. Hackers demand $30k USD

Big cities have always been among hackers’ favorite targets. This time, a group of threat actors managed to compromise the computer networks of Johannesburg, South Africa’s commercial capital, in an attempt to extort a huge ransom. According to experts in web application security, the city government decided, as a security measure, to suspend the operations of its website and all electronic public services (fines and taxes payment, queries, etc.).

“Johannesburg officials have detected an intrusion that resulted in unauthorized access to the city’s computer systems. We apologize for the inconvenience caused by this incident,” reads a tweet on the official city government account.

The attackers demand a ransom of 4 Bitcoin (about $30k USD at the current exchange rate) in exchange for restoring order in Johannesburg’s IT systems. Although nothing is yet confirmed, some members of the cybersecurity community have attributed the attack to a group known as Shadow Kill Hackers.

The ransom note sent by the attackers was received by multiple public officials in the South African city. A snippet of that note obtained by local media mentions: “All servers and city data have been hacked. We’ve also accessed passwords and sensitive personal data.”

At the end of the note, the hackers threatened to publicly disclose all this confidential information if their demands are not met. Web application security specialists mention that the digital services most affected by this incident are online billing, online user service, and others. The South African authorities have already begun an investigation, assuring that within a period of no more than 24 hours there will be a clearer picture of the incident.

This incident occurred shortly after cyberattacks on various South African banks. During these attacks, hackers managed to take down the online banking services of Standard Bank, Absa and three other organizations, whose names were not disclosed. Web application security experts still don’t rule out the possibility that the same group of threat actors is behind this small wave of cyberattacks.

It is worth mentioning that the people of South Africa had already been victims of other serious cybersecurity incidents. Last July, web application security experts from the International Institute of Cyber Security (IICS) reported a massive cyberattack (a ransomware infection, to be specific) against City Power, one of the country’s largest energy companies. Although officials and residents feared a massive power outage, the infection only affected the company’s operational area. However, the risk of a blackout did exist, because systems for processing energy bills failed to record user payments, so the company’s IT teams had to work against the clock to restore them and prevent power outages.
