Johannesburg Ransomware Attack

Cyberattacks against critical infrastructure have become common. This time, a ransomware infection has been reported on the systems of City Power, one of South Africa’s leading power suppliers, specifically in the capital, Johannesburg. The incident left thousands of residents without electric power.

City Power provides a prepaid electricity distribution service for local residents and companies. According to the company’s report, the encryption malware blocked access to databases, internal networks, web applications and the official City Power site.

The infection was detected Wednesday (25.07.2019) night. The incident has prevented citizens from accessing the company’s prepaid services. In addition, entrepreneurs who produce energy from solar panels and then sell it to the company have also been disrupted.

City Power Twitter notification:

City Power has been hit by a Ransomware virus. it has encrypted all our databases, applications and network. Currently our ICT department is cleaning and rebuilding all impacted applications.^GR
— @CityPowerJhb (@CityPowerJhb) July 25, 2019

Customers may not be able to visit our website and may not be able to buy electricity units until our ICT department has sorted the matter out, Customers and stakeholders will be updated as and when new information becomes available^GR
— @CityPowerJhb (@CityPowerJhb) July 25, 2019

CityPower was luckily able to restore their systems from backups on Friday, Jul27 without paying a ransom.

If you have questions on our AMI and prepayment vending security measures, please let us know. It’s good that CityPower was able to restore the operations within 48 hours. It’s better to avoid a server infection.

Leave a Reply

Your email address will not be published. Required fields are marked *