A hacker group known as the Shadow Kill Hackers is holding Johannesburg, South Africa’s largest city, for ransom. They are demanding 4 bitcoins from Johannesburg authorities, or they’ll upload stolen city data on the internet.
The deadline is October 28, 5 pm, local time, according to a message from the hackers.
“Your servers and data have been hacked,” the note reads. “We have dozens of back doors inside your city. We have control of everything in your city. We also compromised all passwords and sensitive data such as finance and personal population information.”
The message was discovered on city employee computers, in the form of a logon screen.
The authorities immediately shut down all of the IT infrastructure, including websites, payment portals and various other e-services. A breach was later confirmed via the city’s Twitter account.
While employees intiitally thought that they were victims of a ransomware attack, it was later discovered that the computers were not actually encrypted.
Furthermore, the hackers went to Twitter to post screenshots showing that they had access to the city’s Active Directory server, even claiming that they were the ones who took down the website after deactivating the DNS server.
City officials were not available for comment. It is unclear if they intend to pay the ransom demand, estimated at around $30,000. In some interviews, city officials also suggested they would be investigating the incident as the work of a disgruntled current or former city employee.
It’s more important than ever for businesses around the world to enact stricter Cyber Security policies and work with an IT provider that can help them secure valuable data.