CYBER ATTACKS ON CITIES CONTINUE

The city of Johannesburg were subjected to ransomware. Unlike recent ransom demands, the attackers threatened to release information if the ransom was not paid. The city refused to pay the
ransom. Currently, there is no evidence of leaked information relating to the case.





The city of Johannesburg in South Africa was subjected to a major cyber-attack on 24 October 2019. Many of the city’s e-services, such as billing, e-health and library services, are down. The city is unable to, for example, pay bills to service providers or its customers. The attack has also affected the operation of the Emergency Response Center. The attackers demand a ransom of 4 bitcoin, which converts to over € 33,000. The city of Johannesburg has refused to pay the ransom. What was different and new about this ransom claim was that the attackers threatened to release sensitive information, rather than simply encrypting the information.


At the same time, several South African banks have also been subjected to a de-centralised denial of service attack, which was threatened to be continued until the ransom has been paid for. The threat of publishing sensitive information increases the deterrent effect of ransoms and, if realised, can cause embarrassment and financial harm to the victimised organisation and individuals. The threat of continuing a denial-of-service attack does not have much impact, as technical solutions are available to combat this type of attacks.


Attacks on cities and public services can affect a very large number of people and actors. The most critical are the disruptions related to health services or, for example, the activity of an emergency center, which can, in the worst case, even endanger human lives. In recent months, cities and public services have also been increasingly targeted by cyber-attacks even in Finland. The cities Lahti and Kokemäki, as well as the Pori Training Unit, have been the target of attacks. The widespread denial-of-service attack on 22 August affected the police.fi, 112, vero.fi, suomi.fi and raja.fi web services and many more. Part of the reason for these developments seem to be the inadequate level of cyber security of municipalities and cities.


The risk of attacks increase, for example, in connection with politically significant events, in which case an attack can also be used to raise awareness. Service interruptions are often also caused by human errors, technical failures, hardware and software failures and updates, or combinations of these.

Do you want to continue reading the October review?

A Special offer of 400€ + VAT for end-of-year reviews 

Contact: kirsi@cyberwatchfinland.fi