Johannesburg city under ransomware attack, again
.jpg)
Johannesburg, South Africa's largest city, faces another ransomware attack, months after a crippling infection lead to a blackout on 25 July.
A hacker group that uses the alias Shadow Kill Hackers managed to infect the internal network of the city administration. They are threatening to distribute the authentication and monetary details of millions of citizens online unless they are paid four bitcoins (Apx £25,000) by October 28 at 5 pm local time.
"We have dozens of back doors inside your city. We have control of everything in your city. We also compromised all passwords and sensitive data such as finance and personal population information," reads the ransom note, a screenshot of which has been posted on Twitter.
The city administration has responded by taking all e-services and websites connected to its homepage offline.
"The City of Johannesburg has detected a network breach which resulted in unauthorised access to its information systems," the municipality’s tweet said.
"As a result, several customer-facing systems - including the City’s website, e-services; billing system (SAP ISU and CRM) - have been shut down as a precautionary measure. The investigation, which is set to take 24 hours, means that customers will not be able to transact on e-services or log queries via the City’s Call Centre or Customer Service Centres," it said.
City Power, one of the largest power suppliers in Johannesburg, faced a ransomware infection that leads to a blackout on 25 July. Customers could not load prepaid electricity on the payday of the month.
Cities and municipalities are easy targets for cyber-criminals as they usually lack the budget and skills to set up sufficient security and monitoring, commented Ilia Kolochenko, CEO of ImmuniWeb.
"Worse, they have critical and/or sensitive IT systems that generate incalculable losses if unavailable. Payments in bitcoins largely exacerbate the situation by making attacks virtually untraceable and non-investigable," he said.
Hundreds of municipalities in the US have been hit by ransomware this year, leading to severe disruptions in civic services. Most of them have opted to pay the ransom.
"It is not clear whether Johannesburg opted to pay the attackers following the first incident, but if they did this could be the attackers having another bite at the Apple," noted Andrea Carcano, co-founder and CPO of Nozomi Networks.
"One of the biggest problems victims face when they are infected with ransomware is deciding whether or not to pay. Some feel they have no choice but to give in to hackers demands as the consequences of losing data would be far worse, while others opt to take the hit or rely on backups to get their systems back up and running," he said.
source scmagazineuk
Industry: Cyber Security
Latest Jobs
-
- Outside IR 35 CONTRACT SC CLEARED Cyber Security Operations Analyst SPLUNK ES- UK REMOTE- £500 a day.
- N/A
- 500
-
6 month contract Outside IR35 Operational Cyber Security Analyst. Hands on Splunk Security Enterprise and Security clearance is required As is someone that holds SC clearance. SOC and Vulnerability management experience. Vulnerability Analysis / Management - Tenable
-
- SailPoint Consultant
- Sweden
- Upto €80,000
-
SailPoint Consultant is need for this rapidly expanding global business, The business is currently in the middle of a SailPoint Deployment, they require an experienced Consultant who is able to help them on this Journey You will be responsible for helping to configure and deploy SailPoint as well as on board applications onto the platform You will also work with the business to understand workflow and process to help align the way the business works to ensure that the business gets the most from the deployment We are looking for an experienced SailPoint consultant who has experience with both Deployment and BAU work and is interested in joining a business which is at the start of an interesting IAM Journey
-
- SOC Manager Security Operations. SIEM, Threat / Vulnerability, IR, SOC Service- Exclusive
- United Kingdom
- 90,000+
-
SOC Manager- SIEM, Threat / Vulnerability, Incident response. Exclusive Project. Management and on growth growth of Security Operations Centre capability. Managing and maturing the team, technical services line and fronting client engagements where needed. An in-depth technical background is essential, experience across SOC SIEM/ Threat Hunting (IR) tools, processes, techniques, operational is a MUST. The role will include, but not limited to; evolving the technical process, building operational capability, managing and hiring team, involved at a high level overviewing policy/playbooks, fine turning of the go-to-market collateral etc.
-
- Contact 12 month- Security Operations- Tanium Engineer / Analyst.
- United Kingdom
- Dependent on experience
-
Security Operations engineer / Analyst with Tanium for a 12 month contract. Experience configuring using, managing, supporting troubleshooting Tanium's suite of end point solutions is essential. The opportunity is due to a client expanding its international capability to a follow the sun model. To be involved in spinning up a European capability. Based in the UK. English essential and ideally being fluent in French.