It’s been a busy week for cybercriminals targeting organizations in South Africa.
Multiple banks in the country have been hit by distributed denial-of-services attacks, while the country’s largest city, Johannesburg, is dealing with the second major breach to its network in three months.
Public-facing services of multiple financial institutions were on Wednesday hit by a wave of “ransom-driven” DDoS attacks, according to the South African Banking Risk Information Centre (SABRIC), an association of banks focused on combating crime.
The attackers aren’t deploying ransomware, but instead are using DDoS attacks to demand a fee to stop inundating victims with web traffic. SABRIC did not disclose the size of the extortion fee.
“These attacks started with a ransom note which was delivered via email to both unattended as well as staff email addresses, all of which were publicly available,” SABRIC said in statement, adding that the attack was not confined to organizations in South Africa.
Customers at Johannesburg-based Standard Bank had complained early Thursday about being unable to access online services. Later in the day, the banks said those services had been restored.
Despite the disruption, SABRIC said it is “confident that customer impact will be kept to a minimum.”
Meanwhile, officials in Johannesburg, which is home to over 5 million people, said Thursday they were temporarily shutting down the city’s online billing and other services after a “network breach which resulted in unauthorized access to [municipal government] information systems.”
The City has detected a network breach in its systems ^TK pic.twitter.com/r43iiJiUya
— City of Joburg (@CityofJoburgZA) October 24, 2019
The statement didn’t mention who was responsible, or confirm that ransomware was deployed. According to local media reports and a widely circulated ransom note, a group calling itself Shadow Kill Hackers is demanding 4 Bitcoin, or roughly $34,000, to the city’s servers. The hackers’ deadline for payment is Oct. 28.
The exact circumstances surrounding the attack remain unclear.
At press time, the city’s website was still down.
It is a familiar feeling for Johannesburg residents. In July, ransomware infected the IT networks of a utility that provides power to the city, forcing the company to rebuild some of its computer systems.
Cybercrime has been a persistent problem in South Africa. In 2018, South Africa ranked second among countries with the most banking malware infections on Android devices, according to cybersecurity company Kaspersky.