Content

Events
About

City Of Johannesburg Announces Second Ransomware Attack In Recent Months

Jeff Orr | 10/24/2019

For the second time in a few months, IT systems for the City of Johannesburg, South Africa, have fallen victim to a ransomware attack. The city has used social media to communicate with citizens and businesses about service outages since the attack was detected.

On October 24, the municipality for the City of Johannesburg announced that it had detected a breach and unauthorized access to its information systems. Several of the city’s websites were taken offline as a precautionary measure. The city’s e-services and electronic communications with citizens were disabled. The city also launched a 24-hour investigation into the attack.

Hackers from a group calling themselves Shadow Kill Hackers took credit for the attack. Computer screens of city personnel were replaced with text from the group, and a Twitter post echoed the demands.

The attackers left a digital ransom note requesting 4 Bitcoin (approximately $36,800) in payment. The group claims to have downloaded personal financial data of citizens from the city servers and will release the data publicly if the ransom is not paid. The note further says that the data will be deleted if the ransom is paid by October 28.

See Related: Reported Ransomware Attacks For 2019 Already Outpacing Total Number Of Incidents In 2018

[inlinead-1]

Ransomware Attacks Increasing Against Public Agencies

In an apparently unrelated incident, banks in Johannesburg were also attacked on the same day that the city’s ransomware attack took over municipal systems. The hacker group responsible for the city breach said it was not responsible for the bank incident.

Ransomware has become the cybercrime of choice for attacks against municipal government agencies. In Spring 2019, the City of Baltimore was taken offline by a pretty simple criminal attack. “Anyone worried about nation-state infrastructure attacks should be paying attention to this,” said CNBC reporter and adjunct professor of cyber security in the Applied Intelligence program at Georgetown University, Kate Fazzini, in an interview with Cyber Security Hub.

See Related: Baltimore Blames NSA For Ransomware Attack

Second Attack On Jo’burg In Three Months

Johannesburg, South Africa, informally known as Jo'burg, is the country’s largest city and the 40th largest urban area in the world. The municipality was impacted by a ransomware attack on an electricity provider in July that left some residents without power. City Power Johannesburg was infected by malware that encrypted the utility provider’s internal network, website and IT systems. The city-owned service allows citizens to sell power back to the utility’s power grid. The malware took the vending capability offline as well as rendered some citizens without electricity.

See Related: Ransomware Aftershock: The Road To Recovery After A Cyber Data Hijack

Upcoming Events


15th Annual Automotive Cybersecurity Detroit 2025

March 11 - 13, 2025
The Henry Hotel, Dearborn, Michigan, US
Register Now | View Agenda | Learn More


Digital Identity Week

09 - 10 September, 2025
Sydney, Australia
Register Now | View Agenda | Learn More

MORE EVENTS