News

Ransomware attack disables most Johannesburg IT services

The ransomware group Shadow Kill Hackers took responsibility for the attack on the IT services of Johannesburg, the largest city in South Africa, on October 24, 2019. Attackers demanded 4 bitcoins from the city authorities (approximately $ 35,000 at the current exchange rate).

On their Twitter, hackers claim that they had confidential financial data at their disposal, and a ransom message states that attackers have established full control over the city’s network using “dozens of backdoors.”

“First Group SA/Club Leisure SOUTH AFRICA has been HACKED. We have all their data out.This what happens if you do not pay”, — wrote Shadow Kill Hackers on Twitter.

In addition, as proof of their words, hackers released screenshots demonstrating the management of DNS and Active Directory in Johannesburg’s city network.

When journalists downplayed the threats in news reports, cybercriminals Shadow Kill Hackers did not stop with a sarcastic response:

“Well, we have read some of the news. Many lies. They say no data compromised, yes we DO have their sensitive finance data offline. We have nothing to do with the DDOS attack on your banks. We did not hacked your website, we just turned it’s DNS off lol from internal server lol”, — write Shadow Kill Hackers.

Interestingly, this incident is not an encryptor attack. Therefore, if the city authorities do not pay the ransom, the attackers threaten to publish all the stolen data in the public domain. If they receive the money, the hackers promise to destroy the stolen, as well as explain to the IT staff of the city exactly what gaps in the systems they should close. That is, the data in the affected systems were not encrypted.

Read also: Cybercriminals hide malicious WordPress plugins in visible places

Representatives of Johannesburg confirm the fact of the attack, but first stated that it was detected at an earlier stage, and “critical information” was not affected. However, in the end, the city was forced to temporarily disable almost all of its IT infrastructure, including sites, payment portals and other electronic services..

According to recent reports, the Johannesburg authorities decided not to pay the ransom to the attackers and intend to restore the city’s IT infrastructure on their own.

Interestingly, in the summer of this year, Johannesburg was already subjected to a cyber attack. Then, as a result of the incident, City Power, one of the largest electricity suppliers for the South African metropolis, suffered. As a result, residents of Johannesburg complained en masse about blackouts.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
James Brown

Technology news writer and part-time security researcher. Author of how-to articles related to Windows computer issue solving.

Recent Posts

Remove Streamingsafevpn pop-up ads (Virus Removal Guide)

Streamingsafevpn.com is a site that tries to force you into subscribing to its browser notifications…

1 day ago

Remove Psegeevalrat.net pop-up ads (Virus Removal Guide)

Psegeevalrat.net is a site that tries to trick you into subscribing to its browser notifications…

1 day ago

Remove Thi-tl-310-a.buzz pop-up ads (Virus Removal Guide)

Thi-tl-310-a.buzz is a site that tries to force you into clik to its browser notifications…

3 days ago

Remove Toreffirmading pop-up ads (Virus Removal Guide)

Toreffirmading.com is a domain that tries to force you into subscribing to its browser notifications…

3 days ago

Remove News-xboveho.site pop-up ads (Virus Removal Guide)

News-xboveho.site is a domain that tries to force you into subscribing to its browser notifications…

3 days ago

Remove Glayingly pop-up ads (Virus Removal Guide)

Glayingly.com is a site that tries to trick you into subscribing to its browser notifications…

3 days ago