A threat actor that calls itself the “Shadow Kill Hackers” has executed a data breach and ransomware attack against the City of Johannesburg, South Africa — the second time in four months that the metropolis has contended with a cyber extortion plot.
Via the city’s official Twitter account yesterday, officials acknowledged the incident as simply a “network breach,” but multiple news and social media sources have revealed additional details, including the apparent ransom note, in which the attackers demand a payment of 4.0 bitcoins.
In response to the attack, Johannesburg was forced to shut down its website, e-services and billing system. “The investigation, which is set to take 24 hours, means that customers will not be able to transact on e-services or log queries via the City’s Call Centre or Customer Services Centres,” the city has tweeted. Residents of the municipality can at least still make payments via EFT and third-party payment services.
“Hello Joburg city! Here are Shadow Kill Hackers speaking. All of your servers and data have been hacked. We have dozens of backdoors inside your city. We have control of everything in your city. We can shut off everything with a button,” the ransom note states. “We also compromised all passwords and sensitive data, such as finance and personal population information. Your city must pay us 4.0 Bitcoins… If you don’t pay on time, we will upload the whole data available to anyone in the internet.”
On the other hand, the note says if Johannesburg pays up, the hackers will destroy the stolen data and provide a report on how they committed the breach.
Last July, Johannesburg’s electricity supplier City Power was hit with ransomware that encrypted its systems.