City of Johannesburg falls victim to ransomware attack
The City of Johannesburg has taken its systems offline following a ransomware attack in which hackers are reported to have demanded 4 Bitcoins, failing which they threatened to make public all of the city’s data.
The City stated late Thursday that it had “detected a network breach which resulted in unauthorized access to its information systems”. It said: “The incident is currently being investigated by the City of Joburg cyber security experts, who have taken immediate and appropriate actions to reinforce security measures and mitigate any potential impacts. As a result, several customer-facing systems – including the City’s website, e-services, billing system (SAP ISU and CRM) – have been shut down as a precautionary measure. The investigation, which is set to take 24 hours, means that customers will not be able to transact on e-services or log queries via the City’s Call Centre or Customer Services Centres.”
Anna Collard, Managing director at Popcorn Training, a KnowBe4 company, said on the breach: “Breaches occur on a regular basis. While large ones hit the headlines, small ones are continuous like a dripping tap and the full scale of these breaches can’t be fully appreciated until looked at in totality.”
Anton Ivanov, security researcher at Kaspersky, noted: “The threat of ransomware remains as powerful as ever, and our detection data shows that larger organisations, such as city authorities and enterprises, are the fastest growing target. According to our data, attacks on employees of large organisations have gone up 17.9% in the last 12 months (from 198,334 in the period June 2017 to end May 2018, to 233,763 for June 2018 to end May 2019), compared to an increase of just 3% in attacks on individual consumers.
Attacks on urban infrastructure are often worryingly successful, with far-reaching impact on essential systems and processes, affecting not just the authority itself but local businesses and citizens. What makes cities a target? It could be the fact that they run vast networks of connected technology that can be hard to update, manage and patch effectively, or because the attackers believe they may be more inclined to pay the ransom to avoid recovery costs that can be many times higher than the ransom fee.”