The City of Johannesburg was under a ransomware attack. The city’s municipality website, e-services platform, and the billing system (SAP ISU and CRM) were shut down consequently. The city council also released an alert to the city regarding the threat. The incident is being investigated by the City of Joburg cybersecurity experts. They are also working to recover the service and not allow any further damage to their system.
This is a second ransomware attack that has hit South Africa. Earlier in the year, in July, the South African electric utility City Power was under attack, and all its systems were encrypted, including databases and its applications. City Power is owned by Johannesburg city municipality and is one of the largest power suppliers in the city.
Municipality services shut down
The municipality issues an alert for the city. In which, they said they are shutting down the City’s website, its e-services platform, and the billing system (SAP ISU and CRM). This is a precautionary measure to limit the damage. They are investigating the attack, which will take 24 hours. So until then, customers can’t use their services for transactions.
Attackers have asked for a Ransom
The attackers call themselves, ‘the Shadow Kill Hackers.’ They have asked for four bitcoins (around $30,493) in their ransom note, which has to be paid by Oct 28. Their ransom note was shared on Twitter by the local media, in which they alleged that the city’s server and data are under their control. All the passwords and sensitive data has been compromised. But the city hasn’t paid the ransom as no transactions are available on the attacker’s BTC address.
Critical Systems are being restored:
The municipality’s Twitter account tweeted that some of the critical systems are being restored at the moment. While other services will be offline for the time being. While now, customers can use EFT and 3rd party payment services for their municipal account payment.