Johannesburg City Hall. (Credit: Chris Eason)

Johannesburg, the biggest city in South Africa and the 26th largest city worldwide, has shut down its website, billing and electronic services after being hit by a serious network attack, the second one in three months, municipality officials said.

A group calling itself Shadow Kill Hackers took to Twitter to take credit for the attack, claiming it took Johannesburg's “sensitive finance data offline.” The group is demanding 4 Bitcoins, valued at about $32,000 US, for the safe return of the data.

A Johannesburg spokesman said the city took down the site after it detected a breach and that so far no formal ransom demands had been made. He also played down the extent of the breach.

“It was picked up very early while it was at the user level, before it reached the applications level where critical information sits,” he told a TV news reporter. “So for us it was important that we safeguard the information first, before we start with the remedial work.”

All your servers have been hacked

Accounts on Twitter told a different story. This purported image of the ransom note, which was addressed to “Joberg city,” claimed to have full control over the city's network. Rather than encrypting the data and demanding a ransom in return for the encryption key, the attackers appeared to threaten to publish the data unless the money was handed over.

“All of your servers have been hacked,” the note stated. “We have dozens of backdoors inside your city.” The note went on to demand the Bitcoin ransom by Monday. “If you dont pay on time, we will upload the whole data to anyone on the Internet,” the note continued. “If you pay on time, we will destroy all the data we have, and we will send you IT a full report about how we hacked your system and your security….”

A purported screenshot of the note left by attackers of Johannesburg. (Credit: @pule_madumo)

The group's Twitter messages also said the site outages weren't the result of Johannesburg officials taking their systems offline, as the officials claimed, but rather of the hacking group turning off the city's domain name system, which is used to help translate domain names into IP addresses. Another Twitter message posted what purported to be screenshots showing DNS controls and an Active Directory setup for the Johannesburg City network.
