Ransomware attack disables most Johannesburg IT services

The ransomware group Shadow Kill Hackers took responsibility for the attack on the IT services of Johannesburg, the largest city in South Africa, on October 24, 2019. The attackers demanded 4 bitcoins from the city authorities (approximately $35,000 at the current exchange rate).

On their Twitter account, the hackers claim to have confidential financial data at their disposal, and the ransom message states that the attackers have established full control over the city’s network using “dozens of backdoors.”

“First Group SA/Club Leisure SOUTH AFRICA has been HACKED. We have all their data out. This what happens if you do not pay,” wrote Shadow Kill Hackers on Twitter.

In addition, as proof of their words, the hackers released screenshots showing DNS and Active Directory management in Johannesburg’s city network.

When journalists downplayed the threats in news reports, Shadow Kill Hackers replied with a sarcastic response:

“Well, we have read some of the news. Many lies. They say no data compromised, yes we DO have their sensitive finance data offline. We have nothing to do with the DDOS attack on your banks. We did not hacked your website, we just turned it’s DNS off lol from internal server lol,” wrote Shadow Kill Hackers.

Interestingly, this incident is not an encryptor attack: the data in the affected systems was not encrypted. Instead, the attackers threaten to publish all the stolen data in the public domain if the city authorities do not pay the ransom. If they receive the money, the hackers promise to destroy the stolen data and to explain to the city’s IT staff exactly which gaps in the systems they should close.

Representatives of Johannesburg confirmed the attack, but at first stated that it was detected at an early stage and that “critical information” was not affected. In the end, however, the city was forced to temporarily disable almost all of its IT infrastructure, including websites, payment portals and other electronic services.

According to recent reports, the Johannesburg authorities decided not to pay the ransom to the attackers and intend to restore the city’s IT infrastructure on their own.

Interestingly, Johannesburg had already been subjected to a cyber attack in the summer of this year. That incident affected City Power, one of the largest electricity suppliers for the South African metropolis, and residents of Johannesburg complained en masse about blackouts.
James Brown

Technology news writer and part-time security researcher. Author of how-to articles related to Windows computer issue solving.
