Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security Technology

City of Johannesburg Hit by Ransomware, Again (zdnet.com) 24

A hacker group going by the name of Shadow Kill Hackers has infected the city of Johannesburg's internal network with ransomware and is holding South Africa's largest city for ransom. From a report: The hackers are demanding 4 bitcoins to be paid by next Monday, October 28, 5 pm, local time, or they claim they'll upload the city's data on the internet. "Your servers and data have been hacked," the ransom note reads, according to reports from local media [1, 2, 3, 4] and a screenshot posted on Twitter. "We have dozens of back doors inside your city. We have control of everything in your city. We also compromised all passwords and sensitive data such as finance and personal population information," the note said. Authorities responded by shutting down all the IT infrastructure, such as websites, payment portals, and other e-services. A breach was later confirmed via the city's official Twitter account. This is the second time in the past four months that the city's network was hit by ransomware. In July, hackers installed ransomware on the city power provider's network, leaving some residents without electricity for days.
This discussion has been archived. No new comments can be posted.

City of Johannesburg Hit by Ransomware, Again

Comments Filter:
  • It seems like at a certain point that countries are just going to hire mercenaries to take out these ransomware fools.

    • Maybe before answering like that you should try to comprehend [youtube.com] the state South Africa is in.

      Hint: It can be summarized by a death spiral, and it is a very inconvenient truth.
      • Before you reply, yeah, GREAT, I can't get to the video anymore.

        Here's one of the closest explanations [youtube.com].

        Le sigh. This is exactly why you can't let one of the FANGs monopolize the operating quadrant. RIP free speech.
    • It seems like at a certain point that countries are just going to hire mercenaries to take out these ransomware fools.

      They can't find their ass with both hands and a GPS, you think they can find these hackers? You don't get nailed by ransomware twice in a row by being competent. It's not happening to everyone.

      It's truly pathetic how virtually everyone is willing to skimp on IT. Their entire business model depends on it, but they don't want to invest in it.

      • Re:Huh... (Score:4, Interesting)

        by rtb61 ( 674572 ) on Friday October 25, 2019 @09:52PM (#59349008) Homepage

        Inside job. The lower the salaries the easier it is to offer a years salary for a few minutes effort, adding hardware to the system, any open USB port, any network port temporarily accessible, access to a notebook to be connected back into the system. Some countries will get hacked regularly, over an over and over again. Even management can be bought, the greater the value of the theft, the greater the bribe.

        Unregulated crypto currency will eventually be banned outright in many countries, get caught with it and you will have to prove you obtained it legally and then they will confiscate it, can not prove you obtained it legally and search warrant and fishing expedition to see if they can find evidence of a crime associated with the illegal currency. Having an illegal crypto file on you PC whilst not as bad as other unmentionable content, will still end up being quite bad because of exactly this kind of action.

        • Unregulated crypto currency will eventually be banned outright in many countries ...

          You only need one where it isn't. That aside, copyright-infringing downloads are banned pretty much everywhere, but that does't stop it. If someone is already breaking the law by doing ransomware, they're not going to be stopped just because digital (not crypto!) currency is illegal.

        • by Agripa ( 139780 )

          Unregulated crypto currency will eventually be banned outright in many countries, get caught with it and you will have to prove you obtained it legally and then they will confiscate it, can not prove you obtained it legally and search warrant and fishing expedition to see if they can find evidence of a crime associated with the illegal currency.

          So like cash in the US now?

    • by msauve ( 701917 )
      "at a certain point that countries are just going to hire mercenaries to take out these ransomware fools."

      If you know how to ID and locate them, I'm pretty sure they would pay you more than 4 bitcoins for the info.And if you can't, stop talking out your ass.
    • It seems like at a certain point that countries are just going to hire mercenaries to take out these ransomware fools.

      If you think it's easy to find whoever is behind attacks like this, you must be new to this planet.

      • by gweihir ( 88907 )

        It seems like at a certain point that countries are just going to hire mercenaries to take out these ransomware fools.

        If you think it's easy to find whoever is behind attacks like this, you must be new to this planet.

        While I understand the sentiment, most vocally aggressive people have not the first clue about how things actually work.

    • by gweihir ( 88907 )

      While I am not opposed to the idea in principle, reliable attribution of Internet-based attacks is basically impossible. These mercs will far more likely be sent after some people they do not like, if it ever becomes possible to actually send mercs without committing an act of war.

  • by raymorris ( 2726007 ) on Friday October 25, 2019 @09:00PM (#59348916) Journal

    Hopefully after the ransomware a few months ago, they set up proper backups. Proper backups are:

    Automated
    Off-site
    Pull, not push (a machine can't overwrite the backup of itself)
    Rotated (you have backups from multiple times)
    Tested!

    The majority of small businesses who think they have backups running actually don't. They haven't tested in years, so don't know it stopped working 9 months ago. I don't know the percentage for government agencies.

    • by NFN_NLN ( 633283 ) on Friday October 25, 2019 @09:04PM (#59348928)

      They'r threatening to release the data not just ransoming keys. I don't think this is a cut and dry ransom-ware scenario, I think it is a blackmail situation.

      • That's a good point. I wonder if they, like some organizations, didn't know about assigning different rights to different groups of users, so everyone who needed "special privileges" was a domain admin. As soon as one DA gets phished or hacked, rhe bad guys own the entire organization.

        - For those unfamiliar, the people who admin your domain server are the domain admin group. You make other groups for people with other job functions, assigning the access rights they need (and no more).

        • At one point I worked in such an environment - and yeah, everyone had admin and one guy kept getting the shared file server infected with viruses. But the boss kept insisting everyone had to be a full admin so they could install weatherbug or something else like that.

          I wasn’t involved on the Windows side, thankfully. Also, I’m glad that all happened in the days before ransomware became a thing. Finally, I’m glad that boss is inflicting his management elsewhere.

    • Naw.

      This is one of those lovely e-mail things where the perpetrator claims to have hacked your web cam and took pictures of you while you were pleasuring yourself along with the what you were watching while you were doing it, and asking for money to not send the video to all your facebook friends.

      The difference in this case is that the particular politician is not mentioned and that the pictures will be released to "E for Everyone".

      This has a very high likelihood of success, a very low risk, and it does not

      • not quite, already pictures have been leaked when it's clearly shown that they were able to modify the domain controller's group policy and show a message on the screen before login.

        this is real not a phishing email

    • by gweihir ( 88907 )

      They probably did nothing at all. After all, this was an one-time event, a fluke, right?

      The thing is to be vulnerable to this at all, they must already have massively screwed up, with grossly incompetent people in all key positions. After that, being attacked again and again is just a consequence.

  • Upload to the Internet lol Thanks

  • South Africa used to be a great place. They had wealth, prosperity, lots of well educated people. Then something happened. I'm not sure what but it's falling into race wars where there are elected politicians calling for the seizure of land from white farmers. As I recall one such politician said he won't call for these white farmers to be killed, at least not yet.

    These race wars have driven out many people of European ancestry, even though some of them have families that lived on the same farms in Sout

    • Yeah, that's the problem. South Africa is currently in a pre-Zimbabwe state. There's no way to fix what's happening in Johannesburg because there's no money, no will, rampant corruption, and more. Probably what'll happen is the attacker will be told "fsck you, go ahead and release it", because there's not much else that can be done.
    • The left loves the idea of immigration into wealthy countries, even when it takes place by illegally swarming in. You see, people have a Right To Travel, not just to visit new places but to settle permanently, wherever they wish.

      But when white people move somewhere else, it's called "colonization." English majors believe that using this word makes immigration evil.

  • A hacker group going by the name of Shadow Kill Hackers has infected the city of Johannesburg's internal network with ransomware and is holding South Africa's largest city for ransom

    Come on, James Bond. Can't someone shadow kill hackers?

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (10) Sorry, but that's too useful.

Working...