A group of cybercriminals calling themselves the “Shadow Kill Hackers” has reportedly attacked the City of Johannesburg (South Africa) administration website — and is threatening to upload the stolen data on the internet unless it receives a Bitcoin ransom.
The hackers are requesting the city pays over $30,000 (4 BTC) by October 28 at 5PM, reports Business Day.
[ON AIR] The City of Johannesburg’s website has been hacked. For a broader look at cybersecurity Andrew Sjoberg, the Chief Technical Officer of DRS joins us. #TheRundown with @MichelleL_Craig Courtesy #DStv403pic.twitter.com/D2qyeuKjt8
— eNCA (@eNCA) October 25, 2019
The city tweeted that it had “detected a network breach which resulted in unauthorized access to our information systems.”
“The incident is currently being investigated by City of Joburg [sic] cybersecurity experts, who have taken immediate and appropriate action to reinforce security measures to mitigate any potential impacts. As a result several customer-facing systems — including the city’s website, e-services and billing systems — have been shut down as a precaution,” it adds.
It’s believed the attack took place in the early hours of October 25, when the criminals disabled the city’s website and all related online services.
Several city employees said they received a ransom note saying: “All your servers and data have been hacked. We have dozens of back doors inside your city. We have control of everything in your city. We also compromised all passwords and sensitive data such as finance and personal population information.”
The alleged hack coincided with several banks reporting internet problems, which are thought to be related to the attack.
Local security experts and police are running an investigation, but it’s worth noting the attack comes amid a flurry of similar incidents in other parts of the world.
In early September, a hacker held the computer systems of a southern Spanish city, demanding a Bitcoinransom to unlock them.
About a month later, several US hospitals opted for paying the requested ransom payments (likely in cryptocurrency) after being targetted with Ryuk ransomware.
Although it’s important to bear in mind that experts typically advise not to pay the ransom, this is unlikely to deter criminals from trying their luck.