Home Tech Johannesburg hit by another ransomware attack

Johannesburg hit by another ransomware attack

In July, the South African city of Johannesburg was targeted by a ransomware attack. As PR News Corp reported back then, the attack forced utility provider City Power to completely shut down. The incident was costly for both the city — the largest in South Africa — and its customers as the expulsion of the ransomware took time. It appears that hackers are not quite finished with the South African municipality, however, as it has recently experienced yet another massive ransomware incident.

According to the local South African news website Business Day, hackers have compromised multiple key networks for Johannesburg. The hackers, calling themselves the Shadow Kill Hackers, released a ransom note which demands four bitcoins by Oct. 28 or else threatens to “upload all the data onto the internet.” They also said the following in the note:

All your servers and data have been hacked. We have dozens of back doors inside your city. We have control of everything in your city. We also compromised all passwords and sensitive data such as finance and personal population information.

The city confirmed the attack in the following tweet from their official account:

Joburg System Breach Update:

☎️Call centre, website & e-services platforms remain off-line💳Municipal account payments can be done via EFT and 3rd party payment services🚨Call 112 in case of emergency ☝️Critical systems are in the process of being restored #JoburgUpdates ^NS pic.twitter.com/pjep99yKCZ

— City of Joburg (@CityofJoburgZA) October 25, 2019

The investigation at the time of this article’s writing is still ongoing and the city of Johannesburg has not paid the ransom (which should never be the choice). It is unknown how the ransomware was able to enter such sensitive networks, especially after such a high-profile incident merely months ago. At this point, it is only speculation, but it is plausible that the city of Johannesburg did not make enough security protocol changes after the City Power incident.

Once the city figures out how to handle this particular incident, the next step should be twofold. One, Johannesburg must implement a total overhaul of its cybersecurity processes. Secondly, investigators need to get a handle on why Johannesburg is specifically being targeted so frequently.

Patrick de Laive

Latest articles

South African Airways, unions meet for talks amid damaging strike

JOHANNESBURG (PR News Corp) - South African Airways (SAA) and unions on Saturday met for talks the troubled state-run carrier hopes can bring an...

The Sony a7R IV is the best camera for landscape photographers

<!-- {OSPHeroImage} {/OSPHeroImage} {OSPIntroText} Landscape shooters have a unique set of requirements for their gear. On the image quality side of things, a good landscape camera should offer...

Microsoft Intune gets a new streamlined user experience

Microsoft recently began rolling out a refreshed and streamlined administration experience for Microsoft Intune. These features, which are now generally available, were determined based...

Southeast Asia: Final Fantasy VII and VIII Remastered Twin Pack coming 29th November

Square Enix has announced exactly when collectors and gamers who reside in Southeast Asia can pick up the exclusive Final Fantasy VII and VIII...