South Africa’s banks, and its largest city, are grappling with separate cyber incidents

It's been a tough week there.

It’s been a busy week for cybercriminals targeting organizations in South Africa.

Multiple banks in the country have been hit by distributed denial-of-service attacks, while the country’s largest city, Johannesburg, is dealing with the second major breach to its network in three months.

Public-facing services of multiple financial institutions were on Wednesday hit by a wave of “ransom-driven” DDoS attacks, according to the South African Banking Risk Information Centre (SABRIC), an association of banks focused on combating crime.

The attackers aren’t deploying ransomware, but instead are using DDoS attacks to demand a fee to stop inundating victims with web traffic. SABRIC did not disclose the size of the extortion fee.


“These attacks started with a ransom note which was delivered via email to both unattended as well as staff email addresses, all of which were publicly available,” SABRIC said in a statement, adding that the attack was not confined to organizations in South Africa.

Customers at Johannesburg-based Standard Bank had complained early Thursday about being unable to access online services. Later in the day, the banks said those services had been restored.

Despite the disruption, SABRIC said it is “confident that customer impact will be kept to a minimum.”

Meanwhile, officials in Johannesburg, which is home to over 5 million people, said Thursday they were temporarily shutting down the city’s online billing and other services after a “network breach which resulted in unauthorized access to [municipal government] information systems.”


The statement didn’t mention who was responsible, or confirm that ransomware was deployed. According to local media reports and a widely circulated ransom note, a group calling itself Shadow Kill Hackers is demanding 4 Bitcoin, or roughly $34,000, to the city’s servers. The hackers’ deadline for payment is Oct. 28.

The exact circumstances surrounding the attack remain unclear.

At press time, the city’s website was still down.

It is a familiar feeling for Johannesburg residents. In July, ransomware infected the IT networks of a utility that provides power to the city, forcing the company to rebuild some of its computer systems.

Cybercrime has been a persistent problem in South Africa. In 2018, South Africa ranked second among countries with the most banking malware infections on Android devices, according to cybersecurity company Kaspersky.

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.