The City of Johannesburg (COJ) experienced its second ransomware attack this year. In July, a database, internal network and web application were encrypted by hackers seeking a bitcoin ransom. Earlier this week, a second and more damaging ransomware attack occurred, for which the “Shadow Kill Hackers” claimed responsibility in a tweet:
“All your servers and data have been hacked. We have dozens of back doors inside your city. We have control of everything in your city. We also compromised all passwords and sensitive data such as finance and personal population information.”
The following City systems are presently offline five (5) days after the attack:
- Offline services: call center systems, billing systems, emergency call support systems, the website and all e-Services.
- Regional customer service centers are inoperable and not available for customers.
- All emergency calls have been diverted (to where?).
It’s unclear whether the City’s IT team took systems offline, or the systems were offline due to the hack.
Ransomware attacks traditionally encrypt your data in the hopes you’ll provide payment, in bitcoins, to recover your data. This impacts data “Availability”, which is often mitigated by restoring from backup.
However, in this attack hackers are threatening to publish the City’s private data to the world. This impacts the “Confidentiality” of the data, which is an entirely new threat from ransomware. You cannot use a backup to protect the confidentiality of private data that has been made public. All critical data, be it healthcare records, financial records, or non-public personal information (NPPI), cannot have its confidentiality restored once made public. That makes this form of attack particularly damaging for COJ.
Implications of Attack
If this form of attack – threatening to release confidential data to the world – is successful in extracting bitcoin payment, this represents an important shift in hacking tactics. Hackers will shift their efforts towards compromising networks in order to exfiltrate (export) private data and release it publicly. Traditional ransomware risk reduction tactics based on backing up data will have to be replaced with new cybersecurity protections such as strong two-factor authentication, robust network monitoring, and outbound blocks on data transfers in firewalls, to name just a few starting points.
Take Away Message:
Ransomware attacks are escalating in frequency and impact. All government organizations and small and medium-sized businesses must improve their cybersecurity preparedness. CyberHoot has many of the tools you need to begin this process.
Visit CyberHoot.com for a free trial and begin your preparations on your time and schedule. It’s too late when you’re staring down the barrel of a Ransomware gun.