Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

10/25/2019
11:30 AM
50%
50%

Second Ransomware Attack Strikes Johannesburg

Attackers who broke into the city's network demand four Bitcoins in ransom or threaten to share stolen personal and financial data.

The city of Johannesburg, South Africa, has shut down its website and e-services after a group called the Shadow Kill Hackers broke into its network and demanded four Bitcoin in ransom.

On Thursday night, the city posted on Twitter to inform residents of "a network breach which resulted in an unauthorised access to our information systems." The incident is under investigation by Johannesburg's cybersecurity experts, who are working to mitigate the damage and have taken several customer-facing systems, including digital services and e-billing, offline.

Another tweet, from a separate account, contains the ransom note itself: "All of your servers and data have been hacked. We have dozens of backdoors inside your city. We have control of everything in your city. We can shut off everything with a button. We also compromised all passwords and sensitive data, such as finance and personal population information."

If attack group doesn't have the ransom by Oct. 28, it says it will upload the stolen data to the Internet. Four Bitcoin amounts to about 437,500 South African Rand, or $30,000 USD.

Around the same time as the attack, multiple banks also reported connectivity problems believed to be linked to cybercrime. Standard Bank and Absa are among those affected, reports local publiction BusinessDay. At least five banks are believed to be affected by the activity.

This is the second time Johannesburg has been hit with ransomware this year. In July attackers targeted City Power, a municipal entity delivering power to the entire city. The incident blocked residents from buying electricity, uploading invoices, and accessing City Power's website.

Read more details here.

This free, all-day online conference offers a look at the latest tools, strategies, and best practices for protecting your organization’s most sensitive data. Click for more information and, to register, here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Maria Clara
50%
50%
Maria Clara,
User Rank: Apprentice
10/25/2019 | 8:43:46 PM
Sad reality
It is very sad to know that people do this to harm other people, many do it just for fun, hacking a site with the intent of meanness is unfortunate.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/13/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-14300
PUBLISHED: 2020-07-13
The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes. One of the fixes regressed in th...
CVE-2020-14298
PUBLISHED: 2020-07-13
The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the co...
CVE-2020-15050
PUBLISHED: 2020-07-13
An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Remote attackers can read arbitrary files from the server via Directory Traversal.
CVE-2020-10987
PUBLISHED: 2020-07-13
The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter.
CVE-2020-10988
PUBLISHED: 2020-07-13
A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device.