- The City of Johannesburg has refused to pay a ransom to hackers after being hit with a cyberattack on Oct. 24 that forced the city to shut down its online services and its call center. The attack has crippled online functions like billing and property valuation.
- In a statement on Monday, the city said it knew how the attack had taken place and that it was making "significant progress" in returning services to normal.
- The group Shadow Kill Hackers claimed responsibility, according to multiple reports, and demanded payment of four bitcoins valued at roughly $35,000 by Tuesday or they would release city data. That deadline has passed with no information being leaked.
This is the second cyberattack to hit Johannesburg this year. In July, one of the city's largest power suppliers was hit with a ransomware attack that left many residents without power for days. According to local reports, several banks were also hit with cyberattacks last week, although Shadow Kill Hackers said they were not responsible, according to a Twitter screenshot captured by ZDNet (the account for the group has been suspended).
Cities have become increasingly frequent targets for cyberattacks around the world. They often lack robust cybersecurity networks because of low investment — a 2018 Deloitte-NASCIO survey found that nearly half of states do not have a separate cybersecurity budget line and most allocate less than 3% of their IT budgets to cyber threat preparation — but also tend to carry insurance that would allow them to pay ransom.
However, Johannesburg joins a trend of cities refusing to pay after attacks. In a statement, City Councilor Funzela Ngobeni said the government would "not concede to their demands" and was instead focused on restoring its network and opening up call centers for the public. Security experts have advised cities not to pay hackers, since doing so encourages them and can set a bad precedent.
In July, more than 225 mayors signed onto a U.S. Conference of Mayors resolution to not pay ransom, saying the group has a "vested interest in de-incentivizing" future attacks.