Hacker Group Demands Ransom of 4 Bitcoin from Johannesburg Municipality

Crypto Hacker

A group named “Shadow Kill Hackers” has targeted the largest city of South Africa, Johannesburg, and demanded a ransom of four Bitcoin(BTC)trade or they will publish the stolen city data on the internet.

According to a message displayed on the computer of the city’s employees, the deadline to pay the ransom is October 28, 5 pm, local time. As per the message, the hackers have found several backdoors or vulnerabilities through which they have gained control over how the city operates.

The message reads:

“Hello Joburg city! Here are Shadow Kill Hackers speaking. All of your servers and data have been hacked. We have dozens of backdoors inside your city. We have control of everything in your city. We can shut off everything with a button. We also compromised all your passwords and sensitive data, such as finance and personal population information. Your city must pay us 4.0 Bitcoin to the following address [….] until October 28, 17:00 your time.”

The hackers have also included the Bitcoin wallet address and further threatened that if the city authorities won’t pay on time, the hackers will upload all the data available to anyone on the internet. If they pay on time, the hackers will destroy all the collected data and handover a report on how they have hacked into the system.

The city’s authority has shut down various online properties including websites, payment portals, and other e-services. The Twitter handler ‘City of Joburg’ (the official city’s municipality) confirmed the attacks and tweeted that “The City has detected a network breach in its systems.”

The city was previously targeted by hackers where the city’s power grid was compromised and left many citizens without electricity for nearly a week. Some employees first surmised that this current attack was similar but it was later discovered that the city computers were not encrypted.

The hacker group was active on Twitter and published a screenshot, showing that they had access to the city’s Active Directory server and claimed that they were responsible for taking down the website after deactivating its DNS server.

City officials denied to comment on the incident yet and it remains unclear if they will pay ransom or not. They would probably investigate the incident deeper as it might involve current or former city employees.

Five South African banks were also targeted by what appeared to be DDoS attacks on the same day as reported by some of the banks. However, the group of hackers confirmed that they weren’t responsible for the attacks on these banks.

This isn’t the first time that hackers go after city municipalities for Bitcoin ransom. This year, many other cities were targeted as well, including in California and Florida.

Sharing Is Caring: