Hackers have shut down the cyber network of Johannesburg City Council, targeting computers of local government employees in South Africa’s economic hub. 

According to a news report, the hackers allegedly demanded ransom in the form of bitcoins in exchange for reactivating internet and email links to the city’s billing systems. In addition, the City of Johannesburg said it could not confirm the authenticity of the ransom demand and that its forensic and IT units were investigating the attack.

Johannesburg is home to 5 million residents and contributes 16% of the country’s total $326 billion national economy, the report notes. Officials said the attack on Thursday afternoon, carried out via employee computers, had affected the city’s call centers, website and online electronic platforms.

Matt Walmsley, cybersecurity expert and EMEA Director at Vectra, noted, “Extortion is a well-established approach for cyber criminals and is used through tactics that include threatening denial of service, doxing and ransomware. In the reported case of the city of Johannesburg, the 4 Bitcoin ransom is meaningful but not particularly high and so may be pitched at that level to encourage a decision to pay. Cyber criminals are increasingly making rational economic decisions around targeting organizations and demand ransom levels that they believe will have a higher likelihood of payment. Cybersecurity teams supporting the city will undoubtedly be working flat out to confirm the extent of any attack to aid officials in deciding if they should pay. The same learning needs to be applied to their future risk mitigation of any techniques the attackers used. All too often we are reminded that defensive controls are imperfect, and the ability to quickly detect and respond to live attacks that have successfully penetrated an organization can make the difference between a contained incident and damaging breach.”