Another day, another cyber attack. Not just on a business entity though, but rather another city! About 24 hours ago, the city of Johannesburg detected unauthorized access to their networked systems and have taken immediate action. Check out their Twitter post below. Click here for direct access to their Twitter page.
The investigation will take about 24 hours and in the meantime, several services have been suspended. This means customers won’t be able to make payments, check out the city website, nor utilize provided e-services.
From a customer viewpoint, they get an extension on their payments, since they can’t make them! Hopefully there’s no penalty. Kidding aside, however, I hope the recovery process won’t be as expensive as the city of Baltimore’s, which we reported on in 2019’s Q2 Internet Security Report. Baltimore was hit with ransomware and the ransom was set at $75,000, but the recovery costs were an estimated $17M.
I attempted to access the city website (http://www[.]joburg.org[.]za) and can verify it’s down at the time of this writing. Sufficient logging as well as tested and verified backups are crucial here. Logging will provide details as to what attackers accessed and around what time, offering some trail to follow. Verified backups will allow data restoration in the case of data loss or the data being held for ransom.