Attackers who tried to flood the Internet-connected computers of South African banks with junk network traffic tried to extend two to four bitcoins from each bank.
This is according to the CEO of the South African Banking Risk Information Center (SABRIC), Susan Potgieter, who was speaking to E-TV news about the attacks on 25 October.
At the exchange rates over the past few days, the bitcoin demanded by the attackers would amount to between R200,000 and R550,000 per bank.
If the attackers targeted five of South Africa's banks, that means they stood to make up to R2.75 million.
SABRIC issued a statement on behalf of the banking industry on Friday which said that the South African banks have been facing a wave of distributed denial of service (DDoS) attacks since 23 October.
Potgieter emphasized that DDoS attacks do not involve hacking or a data breach, and therefore no customer data is at risk.
However, DDoS attacks may cause service disruptions as they flood networks with junk traffic. Potgieter said that these disruptions will be minor, and will be limited to public-facing services.
"These attacks started with a ransom note which was delivered via email to both unattended as well as staff email addresses, all of which were publicly available."
Potgieter said that he had not seen the ransom notes himself, but had been informed by the banks how much the attackers were trying to extort from them.
"Threat intelligence which has surfaced has revealed that this is a multi-jurisdictional attack with entities from several countries being targeted and should therefore not be viewed as targeted attacks on South African companies only."
By Friday evening, MyBroadband had received word from Absa, Capitec, Nedbank, and Standard Bank stating that the effects of the DDoS attacks had been minor. FNB referred our queries to SABRIC.
There have been either minor disruptions to online banking services or, in Capitec's case, no disruptions at all.
No link to theft and ransom on City of Joburg data
SABRIC's statement was prompted by a media storm which started after the City of Joburg revealed that it had become the victim of a computer security breach.
Shadow Kill Hackers, the group claiming responsibility for the attack on the City of Joburg, said that it downloaded sensitive financial data. The group is threatened to upload the data to the Internet unless the city is paid for "a full detailed scenario attack report".
SABRIC and the banks all emphasized the difference in the two types of attacks and assured customers that there had been no successful hacks on the banks.
Shadow Kill hackers also posted on Twitter that it has nothing to do with the DDoS attacks on South African banks.