Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

10/25/2019
11:30 AM
50%
50%

Second Ransomware Attack Strikes Johannesburg

Attackers who broke into the city's network demand four Bitcoins in ransom or threaten to share stolen personal and financial data.

The city of Johannesburg, South Africa, has shut down its website and e-services after a group called the Shadow Kill Hackers broke into its network and demanded four Bitcoin in ransom.

On Thursday night, the city posted on Twitter to inform residents of "a network breach which resulted in an unauthorised access to our information systems." The incident is under investigation by Johannesburg's cybersecurity experts, who are working to mitigate the damage and have taken several customer-facing systems, including digital services and e-billing, offline.

Another tweet, from a separate account, contains the ransom note itself: "All of your servers and data have been hacked. We have dozens of backdoors inside your city. We have control of everything in your city. We can shut off everything with a button. We also compromised all passwords and sensitive data, such as finance and personal population information."

If attack group doesn't have the ransom by Oct. 28, it says it will upload the stolen data to the Internet. Four Bitcoin amounts to about 437,500 South African Rand, or $30,000 USD.

Around the same time as the attack, multiple banks also reported connectivity problems believed to be linked to cybercrime. Standard Bank and Absa are among those affected, reports local publiction BusinessDay. At least five banks are believed to be affected by the activity.

This is the second time Johannesburg has been hit with ransomware this year. In July attackers targeted City Power, a municipal entity delivering power to the entire city. The incident blocked residents from buying electricity, uploading invoices, and accessing City Power's website.

Read more details here.

This free, all-day online conference offers a look at the latest tools, strategies, and best practices for protecting your organization’s most sensitive data. Click for more information and, to register, here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Maria Clara
50%
50%
Maria Clara,
User Rank: Apprentice
10/25/2019 | 8:43:46 PM
Sad reality
It is very sad to know that people do this to harm other people, many do it just for fun, hacking a site with the intent of meanness is unfortunate.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/29/2019 | 8:03:53 PM
Second.
Second Ransomware Attack Strikes Johannesburg This is being second is critical information, so no preventive actions after first then?
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/29/2019 | 8:06:05 PM
Re: Sad reality
many do it just for fun, This is really true. Some do it for monetary gain or pure fame.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/29/2019 | 8:09:00 PM
Really
We have dozens of backdoors inside your city. We have control of everything in your city. We can shut off everything with a button This is really scary. Other aspect of it: is this city really this much smart-city that everything is connected?
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/29/2019 | 8:11:43 PM
Banks
Around the same time as the attack, multiple banks also reported connectivity problems believed to be linked to cybercrime. This would be more damaging I would say, when people feel their investments are at risk that would create chaos.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/29/2019 | 8:15:02 PM
City power
City Power, a municipal entity delivering power to the entire city. The incident blocked residents from buying electricity, uploading invoices, and accessing City Power's website. This should have been first indicator that city should be doing better job to protect themselves against ransomware attracts.
Greater Focus on Privacy Pays Off for Firms
Robert Lemos, Contributing Writer,  1/27/2020
Average Ransomware Payments More Than Doubled in Q4 2019
Jai Vijayan, Contributing Writer,  1/27/2020
Emerging Long-Range WAN Networks Vulnerable to Hacking, Compromise
Jai Vijayan, Contributing Writer,  1/28/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Physical Security Privilege Escalation
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-3215
PUBLISHED: 2020-01-29
vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function.
CVE-2019-18634
PUBLISHED: 2020-01-29
In Sudo through 1.8.29, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist onl...
CVE-2013-2568
PUBLISHED: 2020-01-29
A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 via the ap parameter to /cgi-bin/mft/wireless_mft.cgi, which could let a remote malicious user execute arbitrary code.
CVE-2013-2569
PUBLISHED: 2020-01-29
A Security Bypass vulnerability exists in Zavio IP Cameras through 1.6.3 because the RTSP protocol authentication is disabled by default, which could let a malicious user obtain unauthorized access to the live video stream.
CVE-2013-2570
PUBLISHED: 2020-01-29
A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 in the General.Time.NTP.Server parameter to the sub_C8C8 function of the binary /opt/cgi/view/param, which could let a remove malicious user execute arbitrary code.