South African capital shuts down operations after massive ransomware attack. Hackers demand $30k USD

Big cities have always been among hackers’ favorite targets. This time, a group of threat actors compromised the computer networks of Johannesburg, South Africa’s commercial capital, in an attempt to extract a huge ransom. According to web application security experts, the city government decided, as a security measure, to suspend its website and all electronic public services (fine and tax payments, queries, etc.).

“Johannesburg officials have detected an intrusion that resulted in unauthorized access to the city’s computer systems. We apologize for the inconvenience caused by this incident,” reads a tweet from the official city government account.

The attackers are demanding a ransom of 4 Bitcoin (about $30k USD at the current exchange rate) in exchange for restoring order to Johannesburg’s IT systems. Although nothing is yet confirmed, some members of the cybersecurity community have attributed the attack to a group known as Shadow Kill Hackers.

The ransom note sent by the attackers was received by multiple public officials in the South African city. A snippet of that note obtained by local media reads: “All servers and city data have been hacked. We’ve also accessed passwords and sensitive personal data.”

Finally, the hackers threatened to publicly disclose all this confidential information if their demands are not met. Web application security specialists mention that the digital services most affected by this incident are online billing, online user service, and others. The South African authorities have already begun an investigation and have given assurances that within no more than 24 hours there will be a clearer picture of the incident.

This incident occurred shortly after cyberattacks on various South African banks. During these attacks, hackers managed to bring down the online banking services of Standard Bank, Absa and three other organizations, whose names were not disclosed. Web application security experts have not ruled out the possibility that the same group of threat actors is behind this small wave of cyberattacks.

It is worth mentioning that the people of South Africa had already been victims of other serious cybersecurity incidents. Last July, web application security experts from the International Institute of Cyber Security (IICS) reported a massive cyberattack (a ransomware infection, to be specific) against City Power, one of the country’s largest energy companies. Although officials and residents feared a massive power outage, the infection only affected the company’s operational area. However, the risk of a blackout did exist: the systems for processing energy bills failed to record user payments, so the company’s IT teams had to work against the clock to restore them and prevent power outages.