A group calling itself the Shadow Kill Hackers claims to now have access to the private data of millions of South Africans which it has threatened to leak unless four bitcoins – about R400,000 (£30,000) – are deposited into a secret digital wallet. In response, the authority closed all its online facilities such as the official website and e-payment systems. To add to the confusion, the city’s deputy director of communications – Nthatisi Modingoane – said specialists were investigating, but he denied there had been any ransom demand.
“The City can confirm that we do not have any formal demand for a ransom,” he said.
“The hacking happened at the user level – not at the application level, as such. So, the application level – that’s where the critical data sits, and that part has not been affected as yet.
“When we noticed the user level being impacted, we shut down the system as a precautionary measure to protect the integrity of our data to make sure the critical information of our customers is not compromised.
“But it is not all doom and gloom – what we’re saying to people is you can still pay your rates etc through EasyPay so you don’t fall behind.”
The City official also pledged to keep Johannesburg residents informed on an hourly basis as they attempted to bring systems back online while investigating the ransom demand.
“At the moment we are not sure [about the ransom], and we don’t want to send panic to the public,” he said outside the authority’s IT headquarters.
“There is also a team of very skilled and highly capable investigators who are also trying to the preliminary investigations.
“Once we get clarity of their details, we will be able to share with the people of Johannesburg in terms of what we have found and if there is any truth in this ransom demand.”
Mr Modingoane also explained that investigators were scouring alleged threats made to City staff on social media that are believed to be linked to the hackers and their demands for cryptocurrency.
Meanwhile, social media channels across the city have been flooded with concerned and confused residents slamming the authority for its lack of security and “inability to provide answers, explanations or sense” around the crippling shutdown.
This isn’t the first time authorities have had to shut down digital services in Johannesburg.
Earlier this year, City Power suffered a major security breach after hackers planted a virus which encrypted the databases of the utility.
• Coin Rivet is a website bringing news, information, analysis, opinion and insight from the fast-moving blockchain world.