SOUTH AFRICA – The city of Johannesburg has roped in international partners to deal with a cyber attack, and will not concede to a R400,000 ransom demand by the Shadow Kill Hackers.
Hackers gave the city until 5pm on Monday to pay it 4.0 bitcoins, estimated to be worth around R400,000, failing which they would leak compromised city data on the internet.
The city’s finance MMC, Funzela Ngobeni, said on Monday that experts had been working around the clock following a computer network security breach last Thursday.
He said the cyber attack had had a “significant impact on our ability to deliver services to our residents”, but was confident that 80% of the service would be reinstated by the close of business on Monday.
“I can confirm the city will not concede to their demands. We are confident we will be able to restore our systems to full functionality. We have made significant progress,” said Ngobeni.
Customers have not been able to transact on e-services or log queries via the call centre.
Ngobeni said the city had brought in international cyber forensic partners who were using “state-of-the-art forensic tools to get to the bottom of the matter”.
Cyril Baloyi, head of IT in the city, said through extensive investigations they had located the origin of the attack.
The hackers earlier said they had control over sensitive information, but Baloyi said they did not have financial information.
“All your servers and data have been hacked. We have dozens of back doors inside your city. We have control of everything in your city. We also compromised all passwords and sensitive data such as finance and personal population information,” read the hackers’ note.
Baloyi acknowledged there had been loopholes in the network.
“We are fully aware we do have loopholes in the city of Joburg. We do have already a plan that was approved on October 3, but unfortunately we were hit before our plans could be implemented,” said Baloyi.
Despite knowing the hackers’ location, the city was uncertain if it would institute criminal charges and said authorities, including the Hawks, had been looking into the matter.
It was unclear when the remaining 20% of services would return to normal.
The city apologised for the attack, which it described as an attack on residents.
“We have vowed not to rest until we get to the bottom of this matter. This cyber attack has reinforced our vigilance, and our group forensic department along with relevant state bodies are investigating this attack,” said Ngobeni.