Yesterday, a ransomware virus affected City Power Johannesburg, the electricity distributor for some parts of South Africa’s capital city. City Power notified citizens via Twitter that the virus has encrypted all its databases, applications and network and that the ICT team is trying to fix the issue.
#Update City Power has been hit by a Ransomware virus. it has encrypted all our databases, applications and network. Currently our ICT department is cleaning and rebuilding all impacted applications.^GR
— @CityPowerJhb (@CityPowerJhb) July 25, 2019
Due to the attack, City Power’s website was restraining users from lodging a complaint or purchasing pre-paid electricity.
Customers may not be able to visit our website and may not be able to buy electricity units until our ICT department has sorted the matter out, Customers and stakeholders will be updated as and when new information becomes available^GR
— @CityPowerJhb (@CityPowerJhb) July 25, 2019
The city municipality, owners of the City Power, tweeted, it also “affected our response time to logged calls as some of the internal systems to dispatch and order material have been slowed by the impact”. Chris Baraniuk, a freelance science and technology journalist, tweeted, “The firm tells me more than 250,000 people would have had trouble paying for pre-paid electricity, potentially leaving them cut off”. City Power hasn’t yet released information on the scale of the impact.
The ransomware attack occurs amidst existing power outages
According to iAfrikan, the ransomware attack struck the city while it was “experiencing a strain on the power grid due to increased use of electricity during Johannesburg’s recent cold winter weather”. The strain on the grid has resulted in multiple power outages in different parts of the city.
According to Bleeping Computers, Business Insider South Africa reported that an automated voice message on City Power’s phone helpline said, “Dear customers, please note that we are currently experiencing a problem with our prepaid vending system. We are working on this issue and hope to have it resolved by one o’clock today (25 July 2019)”.
The city municipality tweeted yesterday, “most of the IT applications and networks that were affected by the cyberattack have been cleaned up and restored.”
The municipality apologized for their inconvenience and assured the customers that none of their details were compromised.
City Power will continue to work throughout the night to recover the systems and restore remaining applications.
We are hoping that if everything goes according to plan, everything should be restored by Friday.
— @CityPowerJhb (@CityPowerJhb) July 26, 2019
Many users have raised requests tagging the municipality and the electricity distribution board on Twitter. City Power replied, “Technicians will be dispatched to investigate and work on restorations”. Later it tweeted asking them to cancel their request and that the power had been restored.
@CityPowerJhb No power in Weltevredenpark ext 10, ref: CPWEB2505894. Guys we been down since 8am this morning, what is happening? @Municipality @CityofJoburgZA
— Gregory Kee (@GregKee) July 25, 2019
A recent tweet today at 10:47 am (SAST) from the City Power says, “Electricity supply points to be treated as live at all times as power can be restored anytime. City Power regrets any inconvenience that may be caused by the interruption”.
Electricity supply points to be treated as live at all times as power can be restored anytime. City Power regrets any inconvenience that may be caused by the interruption.^BP
— @CityPowerJhb (@CityPowerJhb) July 26, 2019
Luckily, City Power Johannesburg escaped from paying a ransom
Ransomware attack blocks the company’s or individual’s system until a huge ransom–in a credit or in Bitcoin–is paid to the attackers to relieve their systems.
According to Business Insider South Africa, attackers usually convert the whole information with the databases into “gibberish, intelligible only to those with the right encryption key. Attackers then offer to sell that key to the victim, allowing for the swift reversal of the damage”.
There have been many instances in this year and Johannesburg has been lucky enough to escape from paying a huge ransom.
Early this month, a Ryuk ransomware attack encrypted Lake City’s IT network in the United States and the officials had to approve a huge payment of nearly $500,000 to restore operations.
Similarly, Jackson County officials in Georgia, USA, paid $400,000 to cyber-criminals to resolve a ransomware infection. Also, La Porte County, Indiana, US, paid $130,000 to recover data from its encrypted computer systems.
According to The Next Web, the “ever-growing list of ransomware attacks has prompted the United States Conference of Mayors to rule that they would not pay ransomware demands moving forward.”
Jim Trainor, who formerly led the Cyber Division at FBI Headquarters and is now a senior vice president in the Cyber Solutions Group at risk management and insurance brokerage firm Aon, told CSO, “I would highly encourage a victim of a ransomware attack to work with the FBI and report the incident”. The FBI “strongly encourages businesses to contact their local FBI field office upon discovery of a ransomware infection and to file a detailed complaint at www.ic3.gov”. Maintaining good security habits is the best way to deal with ransomware attacks, according to the FBI. “The best approach is to focus on defense-in-depth and have several layers of security as there is no single method to prevent compromise or exploitation,” they tell CSO.
To know more about the City Power Johannesburg ransomware attack in detail, head over to The Bleeping Computer’s coverage.
Read Next
Microsoft releases security updates: a “wormable” threat similar to WannaCry ransomware discovered
Atlassian Bitbucket, GitHub, and GitLab take collective steps against the Git ransomware attack
