A new ransomware attack made the headlines, this time the victim is the City of Johannesburg municipality.

A ransomware attack infected systems at the City of Johannesburg municipality shutting down the website, the e-services platform, and the billing system (SAP ISU and CRM).

“The City of Johannesburg reported a breach of its network on Thursday night and shut down its website and all e-services , hours after receiving a bitcoin ransom note from a group called the Shadow Kill Hackers.” states the Times Live.

“The hack occurred at the same time that several banks also reported internet problems believed to be related to cyber attacks.”

According to a ransom note, hackers also accessed to the information stored on the infected systems.

The City has detected a network breach in its systems ^TK pic.twitter.com/r43iiJiUya — City of Joburg (@CityofJoburgZA) October 24, 2019

“The City of Johannesburg has detected a network breach which resulted in unauthorized access to its information systems,” reads the alert issued after the ransomware attack.

“The incident is currently being investigated by City of Joburg cyber security experts, who have taken immediate and appropriate action to reinforce security measures to mitigate any potential impacts. As a result several customer facing systems – including the city’s website, e-services, billing system – have been shut down as a precaution.”

The city of Johannesburg municipality published alerted citizens via Twitter after several city employees received the ransom note.

“All your servers and data have been hacked. We have dozens of back doors inside your city. We have control of everything in your city. We also compromised all passwords and sensitive data such as finance and personal population information.” reads the ransom note.

The hackers demand the payment of 4 bitcoins by October 28 at 5pm, in case of failure they are threatening to leak the data online. At the time of writing, the City of Johannesburg did not pay the ransom.

Pierluigi Paganini