City of Johannesburg hit by Ransomware


A hacker group known as Shadow Kill Hackers has held Johannesburg, the largest city in South Africa, for ransom, demanding 4 bitcoins from the authorities. They threatened to upload the stolen city data to the internet, and the deadline given was October 28, 5 pm local time.

The hackers' message states that the city's servers and data have been hacked and that the group has dozens of back doors inside the city. It goes on to say that they have control of everything in the city and have also compromised all passwords and sensitive data such as finance and personal population information. The message was found on city employee computers, in the form of a logon screen.

The authorities responded by shutting down all IT infrastructure, such as websites, payment portals, and other e-services. Confirmation of the breach was later posted on the city’s official Twitter account.

Initially, employees thought they were the victims of a ransomware attack, similar to the one that hit the city’s power grid in July and left many without electricity for days. However, it was later discovered that city computers were not encrypted.

The hackers then took to Twitter to post screenshots showing that they had access to the city’s Active Directory server, and also claimed that they were the ones who took down the website after deactivating the DNS server.

It is not known whether city officials have decided to pay the ransom demand, which is estimated at around $30,000. The officials, however, suggested that they would be investigating the incident.

Local media also reported on the same day that several South African banks were hit by cyber-attacks and that their services went down. The five banks that were attacked include Standard Bank and Absa, and the attacks appear to be DDoS attacks.

Although the attacks were initially reported to be the work of the same group, Shadow Kill Hackers confirmed that they had nothing to do with these attacks.

Several financial institutions were affected by DDoS attacks in the past week. According to a spokesperson, the attacks on the South African banks are merely a coincidence, happening at the same time as the attack on the Johannesburg municipality’s network.

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News
