Johannesburg, South Africa, is an alpha city on a booming continent—a financial powerhouse and one of the most important cities in the world. It’s also a repeat victim of hackers who at least twice in three months have shut down important city services and networks.
The new attack: On Thursday night, the city of Johannesburg shut down its website, e-services, and billing as a result of a “network breach which resulted in unauthorized access to [city government] information systems.”
Local media reported that hackers demanded ransom, but city spokesman Nthatisi Modingoane went on television on Friday to assert that there was no “formal demand for ransom.”
“What we do know is that yes, the system was hacked, and we’re doing everything in our power to make sure the system is protected,” Modingoane said. “The hacking happened at the user level, not at the application level, which is where the critical data sits. When we noticed the user level being impacted, we shut down the system as a precautionary measure to protect the critical information of customers.”
City officials don’t know who is behind this latest attack.
“I actually think Johannesburg is doing the right thing here,” said Allan Liska, an analyst at the security company Recorded Future. “They aren't sure of the extent of the attack so they are shutting down systems to conduct an effective incident response. It is incredibly inconvenient for their constituents, but that abundance of caution will allow the city to effective assess any weak points and hopefully patch them before real damage can be done.”
Powerless: With a population well above five million people, Johannesburg is the biggest city to fall victim to ransomware—and now another unspecified hack.
In July, a separate ransomware incident hit the city’s power utility company. Some residents were left without power for days because customers couldn’t pay for their power while the company’s databases were encrypted and, for a time, useless.
Just hours after Johannesburg was hit this week, the South African Banking Risk Information Centre reported that multiple banks were targeted with distributed-denial-of-service attacks, according to local news broadcaster eNCA.
The exact details of that attack remain unclear as well, and banking services have been disrupted to some extent, but the banks say no data breach or risk to customers has occurred. It’s unknown if the two incidents are related or represent two separate hacking groups crossing paths as they simultaneously target South Africa’s capital city.
Ransomware as a business: Criminals searching for vulnerable targets and worthwhile paydays have zeroed in on local governments around the globe. In the United States, at least 80 state and local governments have been hit. At a fundamental level, the reason is obvious.
“It’s hugely profitable,” says Fabian Wosar, the chief technical officer for the cybersecurity firm Emsisoft.
“Back in 2015, there were something like 92 unique ransomware families,” says Ed Cabrera, chief cybersecurity officer of Trend Micro. “By 2016, the number is 247, which is around a 750% increase.” The growth reflects how attractive the attacks are for hackers: “It usually takes months for traditional malware to monetize attacks, but ransomware monetizes within minutes or days.”
And the attacks are getting more sophisticated.
“Before, it was a volume play with spray-and-pray tactics,” Cabrera says. “Now they do a little more homework on access and persistence, so they might have more of a payout toward the end. With ransomware as a service, you’re able to scale quicker and have a bigger return.”
AI-powered 6G networks will reshape digital interactions
The convergence of AI and communication technologies will create 6G networks that make hyperconnectivity and immersive experiences an everyday reality for consumers.
The power of green computing
Sustainable computing practices have the power to both infuse operational efficiencies and greatly reduce energy consumption, says Jen Huffstetler, chief product sustainability officer at Intel.
How this Turing Award–winning researcher became a legendary academic advisor
Theoretical computer scientist Manuel Blum has guided generations of graduate students into fruitful careers in the field.
Using data, AI, and cloud to transform real estate
AI can enable business transformation to deliver positive outcomes for clients and propel sustainability goals, according to Sandeep Davé, chief digital and technology officer at CBRE.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.