The City of Johannesburg shut down its website and billing systems after a group hacked into the authority’s system and demanded a ransom of four Bitcoins worth about $30,000.

The call center, cashiers and other digital platforms were also taken offline as a precaution following the breach, the City said on its Twitter account. Technical teams are working to restore services, it said.

A group called Shadow Kill Hackers advertised the hack on the City’s website before it was shut down, local broadcaster eNCA reported. The cyber extortionists then threatened to upload all hijacked data on the internet by Oct. 28 if their crypto-currency ransom isn’t met, the news agency said.

The incident is being investigated by security experts who are striving to limit the impact, the City said. The investigation will take 24 hours.

Multiple banks were hit by online attacks that affected public-facing services earlier this week, though they don’t constitute a hack or a data breach and no customer data was put at risk, according to the South African Banking Risk Information Centre.

In July, Johannesburg’s City Power was hit by a virus that restricted the ability of customers to buy electricity online.

As cyber attacks increase and become more sophisticated, many companies and service providers will find themselves poorly equipped to detect and fight incidents, said Craig Rosewarne, managing director at information and cyber threat management firm Wolfpack Information Risk.

Larger companies are also facing hacks and ransom demands.

“They exploit their systems, steal their information and try to get them to pay to cover it up,” Rosewarne said. Insurance to cover the costs associated with cleaning up after a breach has become more comprehensive in recent years, “but what it doesn’t cover is your reputation,” he said.