We shall not pay the ransom, Johannesburg tells hackers

We shall not pay the ransom. This is the message that the city of Johannesburg in South Africa has for hackers who breached their systems. The hackers demanded 4 BTC, worth about $30,000, threatening to leak sensitive information if their demands were not met. They even gave the city a deadline. However, Joburg isn’t about to surrender to the crooks, despite admitting that some of its most crucial systems had been hit.

In a message posted on its Twitter page, the city revealed that the attack has had a “significant impact on our ability to deliver services to our residents.” The message also confirmed prior reports about the attack, including when it happened and the amount of BTC ransom that the hackers are demanding.

Statement: Latest developments following Cyber Attack #COJSystemBreach ^NS pic.twitter.com/ynvUmAUsFg

— City of Joburg (@CityofJoburgZA) October 28, 2019

However, the message boldly stated, “I can confirm that the City will not concede to their (hackers) demands and we are confident that we will be able to restore 80% of our systems.”

The city’s tech team has already managed to recover some of the critical consumer-facing applications including its billing services, property valuation systems, e-health and library services.

“We have made significant progress. If we continue on this trajectory, we should be able to restore 80% of our systems,” the message stated.

As CoinGeek reported recently, this isn’t the first time that Joburg is attacked by hackers. Just months ago, the city’s electricity provider was attacked, leading to blackouts in thousands of homes. It’s not yet clear if Shadow Kill Hackers, the group behind the latest attack, was also responsible for the previous one.

The decision to not pay the ransom is bold. If the hackers really had all the information they claimed to, the city could be exposing millions of private records on the internet. It’s also a costly decision as it will cost the city millions of dollars to rebuild its systems. Cesar Cerrudo, the CTO of Washington-based computer security company IOActive, believes that conceding to the criminals’ demands could be the best decision.

He told ThreatPost, “Nobody wants to negotiate with criminals, but sometimes it’s the smartest option.”

Cerrudo said he believes that cities and other organization must take the blame for their laxity which is what leads them to such vulnerabilities, noting, “Municipalities need to start acknowledging that they made a mistake by not having proper backups in place instead of playing innocent victims. Ransomware and cyber-criminals are bad, but not having good security and backups is worse.”