Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

10/25/2019
11:30 AM
50%
50%

Second Ransomware Attack Strikes Johannesburg

Attackers who broke into the city's network demand four Bitcoins in ransom or threaten to share stolen personal and financial data.

The city of Johannesburg, South Africa, has shut down its website and e-services after a group called the Shadow Kill Hackers broke into its network and demanded four Bitcoin in ransom.

On Thursday night, the city posted on Twitter to inform residents of "a network breach which resulted in an unauthorised access to our information systems." The incident is under investigation by Johannesburg's cybersecurity experts, who are working to mitigate the damage and have taken several customer-facing systems, including digital services and e-billing, offline.

Another tweet, from a separate account, contains the ransom note itself: "All of your servers and data have been hacked. We have dozens of backdoors inside your city. We have control of everything in your city. We can shut off everything with a button. We also compromised all passwords and sensitive data, such as finance and personal population information."

If attack group doesn't have the ransom by Oct. 28, it says it will upload the stolen data to the Internet. Four Bitcoin amounts to about 437,500 South African Rand, or $30,000 USD.

Around the same time as the attack, multiple banks also reported connectivity problems believed to be linked to cybercrime. Standard Bank and Absa are among those affected, reports local publiction BusinessDay. At least five banks are believed to be affected by the activity.

This is the second time Johannesburg has been hit with ransomware this year. In July attackers targeted City Power, a municipal entity delivering power to the entire city. The incident blocked residents from buying electricity, uploading invoices, and accessing City Power's website.

Read more details here.

This free, all-day online conference offers a look at the latest tools, strategies, and best practices for protecting your organization’s most sensitive data. Click for more information and, to register, here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/29/2019 | 8:15:02 PM
City power
City Power, a municipal entity delivering power to the entire city. The incident blocked residents from buying electricity, uploading invoices, and accessing City Power's website. This should have been first indicator that city should be doing better job to protect themselves against ransomware attracts.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/29/2019 | 8:11:43 PM
Banks
Around the same time as the attack, multiple banks also reported connectivity problems believed to be linked to cybercrime. This would be more damaging I would say, when people feel their investments are at risk that would create chaos.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/29/2019 | 8:09:00 PM
Really
We have dozens of backdoors inside your city. We have control of everything in your city. We can shut off everything with a button This is really scary. Other aspect of it: is this city really this much smart-city that everything is connected?
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/29/2019 | 8:06:05 PM
Re: Sad reality
many do it just for fun, This is really true. Some do it for monetary gain or pure fame.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/29/2019 | 8:03:53 PM
Second.
Second Ransomware Attack Strikes Johannesburg This is being second is critical information, so no preventive actions after first then?
Maria Clara
50%
50%
Maria Clara,
User Rank: Apprentice
10/25/2019 | 8:43:46 PM
Sad reality
It is very sad to know that people do this to harm other people, many do it just for fun, hacking a site with the intent of meanness is unfortunate.
Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Intel Issues Fix for 'Plundervolt' SGX Flaw
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5252
PUBLISHED: 2019-12-14
There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.
CVE-2019-5235
PUBLISHED: 2019-12-14
Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.
CVE-2019-5264
PUBLISHED: 2019-12-13
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition...
CVE-2019-5277
PUBLISHED: 2019-12-13
Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation.
CVE-2019-5254
PUBLISHED: 2019-12-13
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board m...