Johannesburg Ransomware Attack Leaves Residents in the Dark

By Kelly Sheridan for Dark Reading

City Power and Johannesburg officials have been regularly posting updates to both entities' Twitter accounts; the City of Joburg most recently reported most of the IT applications and network affected by the attack "have been cleaned up and restored."

Johannesburg joins a growing number of cities targeted with ransomware as criminals take aim at municipalities around the world. Other victims include Baltimore, Atlanta, and Riviera Beach, Florida. While security experts typically recommend not paying ransom — and US mayors have committed to follow their advice — unprepared victims may have no choice. Riviera Beach recently paid $600,000 to its attackers, a decision that could potentially have "far-reaching consequences," said Ilia Kolochenko, founder and CEO of security company ImmuniWeb.

Kolochenko anticipates attacks like these will continue. "Cities, and especially their infrastructure sites, are usually a low-hanging fruit for unscrupulous cyber gangs," he says. "These victims will almost inevitably pay the ransom as all other avenues are either unreliable or too expensive." What's more, he adds, is cryptocurrencies can't be traced back to the attackers; as a result, most get away with it.

Cybercriminals are taking the time to profile and target entities that are more likely to pay more money, says Matt Walmsley, Vectra's director of EMEA. City Power was an appealing target: The broad scope of disruption to its databases and other software, affecting most its applications and networks, suggests ransomware was able to quickly spread throughout the organization. Read Full Article