Joburg hack: City refuses to pay Bitcoin ransom

The City of Johannesburg says it will not give in to ransom demands from cyber criminals who hacked into the city’s ICT infrastructure last week.

The city hosted a media briefing this afternoon after it was hacked on Thursday.

As a result, several customer-facing systems – including the city’s Web site, e-services and billing system – were shut down as a precautionary measure.

Shadow Kill Hackers – the group behind the hack – then demanded a ransom of 4.0 Bitcoin (R545 000), saying: “All your servers and data have been hacked. We have dozens of back doors inside your city. We have control of everything in your city.

“We also compromised all passwords and sensitive data such as finance and personal population information.”

The hackers then demanded the payment of 4.0 bitcoins by 5pm on 28 October, failing which they will upload all the data onto the Internet.

“The individuals responsible have demanded that we pay four Bitcoins valued at approximately R500 000 by today, 28 October 2019,” said Councillor Funzela Ngobeni, the city’s MMC for finance.

“The city will not concede to their demands for Bitcoins and we are confident that we will be able to restore systems to full functionality.”

The city says it can confirm that the recent cyber attack on its ICT systems has had a significant impact on its ability to deliver services to residents.

“The attack breached our network and resulted in unauthorised access to the city’s systems. We have made significant progress. If we continue on this trajectory, we should be able to restore 80% of all our systems.

“We have managed to bring up some of our critical customer facing systems – from a technical perspective – such as our billing (SAP ISU and CRM), property valuation system; land information system, e-health and libraries services.

“We are also working to bring up our e-services. I acknowledge the impact of this on our customers – specifically those who have joined our environmental drive to reduce paper usage by registering to receive their statement by e-mail,” Ngobeni said.

Regrettably, the city notes that its call centre remains down. “Engineers continue to work to resolve these matters. While I do not have an estimated time for the restoration of our call centre, we commit to keeping people updated via our social media pages,” the city official added.

According to the city, this attack is opportunistic in both its form and its timing. “It is opportune in that it is timed to coincide with all city month-end processes affecting both supplier payments and customer payments.

“This attack has reinforced our vigilance and our group forensic department, along with relevant state security bodies are investigating the attack.

“The city has always taken a position against lawlessness of any nature. This cyber attack is seen not only as an attack on city’s system – but as an attack on the people of our city. We have vowed not to rest until we have gotten to the bottom of this matter,” Ngobeni added.

He noted that building plan and town planning systems remain down. “The city’s planning department will be operating on limited services. In view of this, we apologise to our residents, developers and industry partners for the interruption to our usual business operation.

“We have also brought in our ICT international cyber forensic partners who are using state-of-the-art forensic tools to get to the bottom of this matter.

“Our primary goal is ensuring the restoration of all our services and I want to thank Joburgers – our residents; our citizens; our partners; and our suppliers for their patience during this challenging time.”
