Johannesburg’s network shut down after second attack in 3 months


Johannesburg City Hall

Johannesburg, the most important metropolis in South Africa and the 26th largest metropolis worldwide, has shut down its website, billing and electronic services after being hit by a serious network attack, the second one in three months, municipal officials said.

A group calling itself Shadow Kill Hackers took to Twitter to take credit for the attack, claiming it took Johannesburg’s “sensitive finance data offline.” The group is demanding four Bitcoins, valued at about $32,000 US, for the safe return of the data.

A Johannesburg spokesman said the city took down the site after it detected a breach and that to date no formal ransom demands had been made. He also played down the extent of the breach.

“It was picked up very early while it was at the user level, before it reached the applications level where critical information sits,” he told a TV news reporter. “So for us it was important that we safeguard the information first, before we start with the remedial work.”

All your servers have been hacked

Accounts on Twitter told a different story. This purported image of the ransom note, which was addressed to “Joberg city,” claimed to have full control over the city’s network. Rather than encrypting the data and demanding a ransom in return for the encryption key, the attackers appeared to threaten to publish the data unless the money was handed over.

“All of your servers have been hacked,” the note stated. “We have dozens of backdoors inside your city.” The note went on to demand the Bitcoin ransom by Monday. “If you don’t pay on time, we will upload the whole data to anyone on the Internet,” the note continued. “If you pay on time, we will destroy all the data we have, and we will send you IT a full report about how we hacked your system and your security….”

A purported screenshot of the note left by attackers of Johannesburg.


The group’s Twitter messages also said the site outages weren’t the result of Johannesburg officials taking their systems offline as the officials claimed, but rather of the hacking group turning off the city’s domain name system, which is used to help translate domain names into IP addresses. Another Twitter message posted what purported to be screenshots showing DNS controls and an Active Directory setup for the Johannesburg City network.

This is the second breach in the past three months to hit the city. In July, Johannesburg’s municipal power supplier suffered a ransomware attack that left residents without electricity.

In the first nine months of this year, at least 621 government entities, healthcare service providers and school districts, colleges and universities were hit by ransomware, security firm Emsisoft recently reported. At least 68 of those attacks were on state, county and municipal entities. An attack in June on Baltimore cost the city at least $18 million. Three Florida cities were also infected this year.

Emsisoft spokesman Brett Callow told Ars that the Johannesburg attackers appeared to be new to the ransomware scene.

“The personalized login screen message is quite unusual and not one we’ve seen before,” he stated. “Nor is the email address provided in the ransom note one that we’ve seen used in other attacks (it’s also never been used in any previous submission to ID Ransomware).”

The Johannesburg spokesman, meanwhile, said the city’s IT staff is working around the clock to get systems back online.


