Johannesburg City Hall
/ Johannesburg Municipal Government.


Johannesburg, the largest city in South Africa and the 26th largest city in the world, has shut down its website, billing and electronic services after being hit by a major network attack, the second in three months, city authorities said.

A group calling itself Shadow Eliminate Hackers took to Twitter to claim credit for the attack, declaring it took Johannesburg’s “delicate financing information offline.” The group is demanding 4 Bitcoins, valued at about $32,000 US, for the safe return of the data.

A Johannesburg spokesperson said the city took down the website after it detected a breach, and that so far no official ransom demands had been made. He also played down the extent of the breach.

“It was gotten really early while it was at the user level, before it reached the applications level where crucial info sits,” he told a TV news reporter. “So for us it was necessary that we secure the info initially, before we begin with the therapeutic work.”

All your servers have actually been hacked

Accounts on Twitter told a different story. A purported image of the ransom note, which was addressed to “Joberg city,” claimed the attackers had complete control over the city’s network. Rather than encrypting the data and demanding a ransom in return for the decryption key, the attackers appeared to threaten to publish the data unless the money was handed over.

“All of your servers have actually been hacked,” the note stated. “We have lots of backdoors inside your city.” The note went on to demand the Bitcoin ransom by Monday. “If you do not pay on time, we will submit the entire information to anybody on the Web,” the note continued. “If you pay on time, we will ruin all the information we have, and we will send you IT a complete report about how we hacked your system and your security …”

A purported screenshot of the note left by attackers of Johannesburg.


The group’s Twitter messages also said the website outages weren’t the result of Johannesburg officials taking their systems offline, as the officials claimed, but rather of the hacking group turning off the city’s Domain Name System, which is used to translate domain names into IP addresses. Another Twitter message posted what purported to be screenshots showing DNS controls and an Active Directory site set up for the Johannesburg city network.

This is the second breach in the past three months to hit the city. In July, Johannesburg’s municipal power provider suffered a ransomware attack that left residents without electricity.

In the first nine months of this year, at least 621 government entities, health care providers, school districts and institutions of higher learning have been hit by ransomware, security firm Emsisoft recently reported. At least 68 of those attacks were on state, county and municipal entities. An attack in June on Baltimore cost the city at least $18 million. Three Florida cities were also infected this year.

Emsisoft spokesperson Brett Callow told Ars that the Johannesburg attackers appeared to be new to the ransomware scene.

“The tailored login screen message is rather uncommon and not one we have actually seen before,” he said. “Nor is the e-mail address supplied in the ransom note one that we have actually seen utilized in other attacks (it’s likewise never ever been utilized in any previous submission to ID Ransomware).”

The Johannesburg spokesperson, meanwhile, said the city’s IT staff is working around the clock to get systems back online.