South Africa’s largest city has announced that it has detected a network breach resulting in unauthorised access to its information systems.
The ransomware attack has subsequently forced the city of Johannesburg to shut down its entire IT infrastructure, such as billing systems, websites and e-services.
The threat group, Shadow Kill Hackers, are demanding 4 Bitcoins, which roughly equates to USD 34,000, with a deadline of October 28, 5pm local time.
The ransom note, which was discovered on city employee computers, reads: “All of your servers and data have been hacked. We have dozens of back doors inside your city. We have control of everything in your city. We also compromised all passwords and sensitive data such as finance and personal population information.”
The city took to Twitter to announce the attack, stating that the incident is currently being investigated by cybersecurity expert “who have taken immediate and appropriate actions to reinforce security measures and mitigate any potential impacts.”
The threat group also took to Twitter to post screenshots with evidence to show that they had access to the city’s Active Directory server.
It remains unclear if the city will pay the ransom, however the city has suggested the incident will be investigated as the work of a former disgruntled city employee.
Emergency calls have been diverted to the Provincial Call Centre, and the investigation is said to take 24 hours.
“The City will update residents on a four-hourly basis. We apologise for any inconvenience caused.”
At the same time the city was attacked, five South African banks, including Absa and Standard Bank were also targeted by what appears to be a DDoS attack. Initially, it was assumed that the same group targeting the city were involved, however on Friday, Shadow Kill Hackers confirmed that it was not related to them.
The post #Privacy: City of Johannesburg hit by ransomware attack appeared first on PrivSec Report.