This article was published on July 26, 2019

Johannesburg’s power supplier gets the better of ransomware attackers


Johannesburg’s power supplier gets the better of ransomware attackers Image by: Wikipedia

A ransomware infection at one of South Africa’s electricity providers left some city residents of Johannesburg without any power.

City Power, one of the largest power suppliers in Johannesburg, said the attack encrypted all its databases, applications and network, leading to a blackout of its IT systems.

The company said the attack impacted vendors, who couldn’t upload invoices or access its website, adding it was working to recover and restore the impacted applications. It appears they had access to timely backups that helped them thwart the attacks.

But the local government sought to reassure customers that none of their personal information were compromised in the attack. City Power has not revealed details of the ransomware strain that affected its systems.

While City Power continues to work on the restoration, it has put up temporary alternatives in place:

  • Fault logging – customers may not be able to use the website, as such they are requested to log calls on their cellphones using http://www.citypower.mobi
  • Submitting Invoices – Suppliers seeking to submit invoices for payments should rather bring their invoices physically to City Power offices in Booysens

Joburg really doesn’t need this right now

The ransomware attack comes during a time when Johannesburg is under a grip of cold weather, with City Power already urging city residents to use power sparingly to avoid unplanned power outages. The utility provider said early this week it was experiencing capacity constraints due to cold temperatures.

By Thursday evening, most of the critical systems that were affected by the virus attack had been restored, including a pre-paid vending system that allowed customers to buy electricity. The company’s website continues to remain inaccessible as of now.

A wave of ransomware attacks

City Power is far from the only company that has fallen victim to ransomware attacks in recent months. But it is definitely one of the lucky few that have managed to escape paying huge ransoms to regain access back to their systems.

The incident underscores the need for securing backups to sensitive files so as to avoid acceding to huge ransom demands from attackers.

Early this month, Lake City officials approved a huge payment of nearly $500,000 after a Ryuk ransomware attack encrypted the city’s IT network. Jackson County officials in Georgia, in a similar attack, paid $400,000 to cyber-criminals to get rid of a ransomware infection, and La Porte County, Indiana, shelled out $130,000 to recover data on from its encrypted computer systems.

The ever-growing list of ransomware attacks have prompted the United States Conference of Mayors to rule it would not pay ransomware demands moving forward.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with