City of Joburg hit by cyber attack

The City of Johannesburg has suffered a cyber security breach.

In a statement posted on social media, the city says: “The City of Johannesburg has detected a network breach which resulted in unauthorised access to its information systems.

“The incident is currently being investigated by City of Joburg cyber security experts, who have taken immediate and appropriate actions to reinforce security measures and mitigate any potential impacts.”

As a result, it says several customer-facing systems – including the city’s Web site, e-services, billing system (SAP ISU and CRM) – have been shut down as a precautionary measure.

“The investigation, which is set to take 24 hours, means that customers will not be able to transact on e-services or log queries via the city’s call centre or customer services centres.”

According to Business Day, the city’s statement came after several city employees received a ransom note, which reads: “All your servers and data have been hacked. We have dozens of back doors inside your city. We have control of everything in your city. We also compromised all passwords and sensitive data such as finance and personal population information.”

The report says the hackers then demand the payment of 4.0 bitcoins by 5pm on 28 October, failing which they will upload all the data onto the Internet.

In July, City Power, the City of Johannesburg’s electricity utility, was hit by a ransomware attack that encrypted databases, applications and networks.

Consultancy firm Deloitte notes the rapid hyper-connectivity and digitisation of cities is accelerating cyber threats.

It says to tackle the challenge, government leaders, urban planners and other key stakeholders should make cyber security principles an integral part of smart city governance, design and operations, not just an afterthought.