Johannesburg’s power supplier gets the better of ransomware attackers

A ransomware infection at one of South Africa’s electricity providers left some city residents of Johannesburg without any power.

City Power, one of the largest power suppliers in Johannesburg, said the attack encrypted all its databases, applications and network, leading to a blackout of its IT systems.

City Power will continue to work throughout the night to recover the systems and restore remaining applications.

We are hoping that if everything goes according to plan, everything should be restored by Friday.

— @CityPowerJhb (@CityPowerJhb) July 26, 2019

The company said the attack impacted vendors, who couldn’t upload invoices or access its website, adding it was working to recover and restore the impacted applications. It appears they had access to timely backups that helped them thwart the attacks.

Celebrate King's Day with TNW Conference :tickets:

Use code GEZELLIG40 on your Business, Investor and Startup passes and get 40% off. Offer ends April 29.

But the local government sought to reassure customers that none of their personal information were compromised in the attack. City Power has not revealed details of the ransomware strain that affected its systems.

While City Power continues to work on the restoration, it has put up temporary alternatives in place:

Fault logging – customers may not be able to use the website, as such they are requested to log calls on their cellphones using http://www.citypower.mobi
Submitting Invoices – Suppliers seeking to submit invoices for payments should rather bring their invoices physically to City Power offices in Booysens

Joburg really doesn’t need this right now

The ransomware attack comes during a time when Johannesburg is under a grip of cold weather, with City Power already urging city residents to use power sparingly to avoid unplanned power outages. The utility provider said early this week it was experiencing capacity constraints due to cold temperatures.

By Thursday evening, most of the critical systems that were affected by the virus attack had been restored, including a pre-paid vending system that allowed customers to buy electricity. The company’s website continues to remain inaccessible as of now.

City Power will continue to update customers and all stakeholders about the progress of the recovery and restorations. And about the outcomes of the investigation into the cause of the cyber attack.

— @CityPowerJhb (@CityPowerJhb) July 26, 2019

A wave of ransomware attacks

City Power is far from the only company that has fallen victim to ransomware attacks in recent months. But it is definitely one of the lucky few that have managed to escape paying huge ransoms to regain access back to their systems.

The incident underscores the need for securing backups to sensitive files so as to avoid acceding to huge ransom demands from attackers.

Early this month, Lake City officials approved a huge payment of nearly $500,000 after a Ryuk ransomware attack encrypted the city’s IT network. Jackson County officials in Georgia, in a similar attack, paid $400,000 to cyber-criminals to get rid of a ransomware infection, and La Porte County, Indiana, shelled out $130,000 to recover data on from its encrypted computer systems.

The ever-growing list of ransomware attacks have prompted the United States Conference of Mayors to rule it would not pay ransomware demands moving forward.