The City of Johannesburg, South Africa suffered a ransomware attack last Thursday that prompted the city to take its call center, website and e-services platform offline. The threat actor, calling themselves the Shadow Kill Hackers, not only encrypted data on infected systems, but also stole unencrypted records. They are threatening to release the data unless the city pays them four bitcoin (around $37,500 at the time of writing) before 5 p.m. local time Monday. The hackers say they have obtained passwords, financial records, personal population information and other sensitive data.
The financial impact of the attack is likely to be huge, since Johannesburg is South Africa’s main financial center and accounts for 16% of the country’s GDP. This is not the first major ransomware incident affecting the City of Johannesburg. In July of this year, a pay-as-you-go power provider owned by the city also had its network infected with file-encrypting malware that rendered many of its services unavailable.
Read more: Ransomware hackers demand payment for not releasing Johannesburg data