City Of Johannesburg Announces Second Ransomware Attack In Recent Months

Municipal Servers, Websites and Call Center Services Taken Offline

Jeff Orr


For the second time in a few months, IT systems for the City of Johannesburg, South Africa have fallen victim to a ransomware attack. The city has used social media to communicate with citizens and businesses about service outages since the attack was detected.

On October 24, the municipality for the City of Johannesburg announced that it had detected a breach and unauthorized access of it information systems. Several of the city’s websites were taken offline as a precautionary measure. The city’s e-services and electronic communications with citizens were disabled. The city also launched a 24-hour investigation into the attack.

City of Johannesburg tweet

Hackers from a group calling itself Shadow Kill Hackers took credit for the attack. Computer screens of city personnel were replaced with text from the group and a Twitter post echoed the demands.

The attackers left a digital ransom note requesting 4 Bitcoin (approximately $36,800) in payment. The group claims to have downloaded personal financial data of citizens from the city servers and will release the data publicly if the ransom is not paid. The note further says that the data will be deleted if the ransom is paid by October 28.

See Related: Reported Ransomware Attacks For 2019 Already Outpacing Total Number Of Incidents In 2018

Ransomware Attacks Increasing Against Public Agencies

In an apparently unrelated incident, banks in Johannesburg were also attacked on the same day that the city’s ransomware attack took over municipal systems. The hacker group responsible for the city breach said it was not responsible for the bank incident.

Ransomware has become the cybercrime of choice for attacks against municipal government agencies. In Spring 2019, the City of Baltimore was taken offline by a pretty simple criminal attack. “Anyone worried about nation-state infrastructure attacks should be paying attention to this,” said CNBC reporter and adjunct professor of cyber security in the Applied Intelligence program at Georgetown University, Kate Fazzini, in an interview with Cyber Security Hub.

See Related: Baltimore Blames NSA For Ransomware Attack

Second Attack On Jo’burg In Three Months

Johannesburg, South Africa, informally known as Jo'burg, is the country’s largest city and the 40th largest urban area in the world. The municipality was impacted by a ransomware attack on an electricity provider in July that left some residents without power. City Power Johannesburg was infected by malware that encrypted the utility provider’s internal network, website and IT systems. The city-owned service allows citizens to sell power back to the utility’s power grid. The malware took the vending capability offline as well as rendered some citizens without electricity.

See Related: Ransomware Aftershock: The Road To Recovery After A Cyber Data Hijack