Hackers shut down Johannesburg’s networks once again

Hackers shut down Johannesburg’s networks once again

Johannesburg, South Africa is an alpha city on a booming continent, a financial powerhouse, and one of the most important cities in the world. It’s also a repeat victim of hackers who at least twice in three months have shut down important city services and networks.

**The new attack: **On Thursday night, the city of Johannesburg shut down its website, e-services, and billing as a “network breach which resulted in unauthorized access to [city government] information systems.”

Local media reported that hackers demanded ransom but city spokesman Ntahtise Modingwane went on television on Friday to assert that there was no “formal demand for ransom.”

“What we do know is that, yes, the system was hacked and we’re doing everything in our power to make sure the system is protected,” Modingwane said. “The hacking happened at the user level, not at the application level which is where the critical data sits. When we noticed the user level being impacted, we shut down the system as a precautionary measure to protect the critical information of customers.”

City officials don’t know who is behind this latest attack.

Powerless: As a city with a population well above five million people, Johannesburg is the biggest city to fall victim to ransomware—and now another unspecified hack.

In July, a separate ransomware incident hit the city’s power utility company. Some residents who were left without power for days because customers couldn’t pay for their power while the company’s databases were encrypted and, for a time, useless.

Just hours after Johannesburg was hit this week, the South African Banking Risk Information Centre reported that multiple banks were targeted with distributed denial-of-service attacks, according to local news broadcaster eNCA.

The exact details of that attack remain unclear as well and banking services have been disrupted to some extent but the banks say no data breach or risk to customers has occurred. It’s unknown if the two incidents are related or two separate hacking groups crossing paths as they simultaneously target South Africa’s capital city.

Ransomware-as-a-business: Criminals searching for vulnerable targets and worthwhile paydays have zeroed in on local governments around the globe. In the United States, at least 80 state and local governments have been hit. At a fundamental level, the reason is obvious.

“It’s hugely profitable,” said Fabian Wosar, the chief technical officer for the cybersecurity firm Emsisoft.

“Back in 2015, there was something like 92 unique ransomware families,” said Ed Cabrera, chief cybersecurity officer of Trend Micro. “By 2016, the number is 247 which is around a 750% increase." The growth reflects how attractive the attacks are for hackers, he said. "It usually takes months for traditional malware to monetize attacks but ransomware monetizes within minutes or days.”

And the attacks are getting more sophisticated.

“Before, it was a volume play with spray and pray tactics,” Cabrera said. “Now they do a little more homework on access and persistence so they might have more of a payout toward the end. With ransomware-as-a-service, you’re able to scale quicker and have a bigger return.”

ImagePhoto: Andrew Moore - Flickr, CC BY-SA 2.0

ImagePhoto: Andrew Moore - Flickr, CC BY-SA 2.0