Johannesburg Ransomware Attack

Cyberattacks against critical infrastructure have become common. This time, a ransomware infection has been reported on the systems of City Power, one of South Africa’s leading power suppliers, specifically in the capital, Johannesburg. The incident left thousands of residents without electric power.

City Power provides a prepaid electricity distribution service for local residents and companies. According to the company’s report, the encryption malware blocked access to databases, internal networks, web applications and the official City Power site.

The infection was detected Wednesday (25.07.2019) night. The incident has prevented citizens from accessing the company’s prepaid services. In addition, entrepreneurs who produce energy from solar panels and then sell it to the company have also been disrupted.

City Power Twitter notification:

City Power has been hit by a Ransomware virus. it has encrypted all our databases, applications and network. Currently our ICT department is cleaning and rebuilding all impacted applications.^GR
— @CityPowerJhb (@CityPowerJhb) July 25, 2019

Customers may not be able to visit our website and may not be able to buy electricity units until our ICT department has sorted the matter out, Customers and stakeholders will be updated as and when new information becomes available^GR
— @CityPowerJhb (@CityPowerJhb) July 25, 2019

Fortunately, City Power was able to restore its systems from backups on Friday, Jul 27, without paying a ransom.

If you have questions on our AMI and prepayment vending security measures, please let us know. It is good that City Power was able to restore operations within 48 hours, but it is better to avoid a server infection in the first place.

Editor's note: This article was originally published in August 2019 and has been updated for comprehensiveness.

2 Replies to “Johannesburg Ransomware Attack”
  1. What security measures does the CLOUESP PPM system have against cyber-attacks such as malware and brute force attacks?
    Thank you!

    1. Dear Jonas, please find our SW engineer's detailed answers below.
      1. The system supports HTTPS, which will encrypt the data during the communication between the system and its operators. STS1&2 with STS modules provide vending security.
      2. The system encrypts sensitive information like user passwords, database information etc., which will reduce the risk of information leakage.
      3. The system rejects user login if the user logs in with a wrong password 5 times, or for a user with a sample password. The session will be timed out if there is no operation for several minutes.
      4. The system provides logs for auditing and tracing user activities. Integration with other systems supports mutual authentication.
      5. Meanwhile, we suggest using professional security devices such as a hardware firewall, IPS, VPN network etc. to give more protection to the system. All components in the solution should be protected and hardened.
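
The lockout and idle-timeout behaviour described in point 3 of the reply above, as an added example that is not part of the reply or of the vendor's code. The class name, the 300-second timeout and the injected password checker are assumptions; the reply gives only the 5-attempt limit and "several minutes".

```python
import secrets
import time

MAX_FAILED_LOGINS = 5        # from the reply: login rejected after 5 wrong passwords
IDLE_TIMEOUT_SECONDS = 300   # assumption: the reply only says "several minutes"


class LoginGuard:
    """Hypothetical helper: per-account failure counter plus per-session idle timer."""

    def __init__(self, check_password, clock=time.monotonic):
        self._check = check_password   # callable(user, password) -> bool
        self._clock = clock            # injectable so the policy can be tested
        self._failures = {}            # user -> consecutive wrong passwords
        self._last_seen = {}           # session id -> time of last operation

    def login(self, user, password):
        """Return a new session id, or None if the login is rejected."""
        if self._failures.get(user, 0) >= MAX_FAILED_LOGINS:
            return None                # locked: even the right password is refused
        if not self._check(user, password):
            self._failures[user] = self._failures.get(user, 0) + 1
            return None
        self._failures.pop(user, None)       # a successful login resets the counter
        sid = secrets.token_urlsafe(32)      # unguessable session identifier
        self._last_seen[sid] = self._clock()
        return sid

    def touch(self, sid):
        """Call on every operation; returns False once the session has idled out."""
        last = self._last_seen.get(sid)
        if last is None or self._clock() - last > IDLE_TIMEOUT_SECONDS:
            self._last_seen.pop(sid, None)   # an expired session cannot be revived
            return False
        self._last_seen[sid] = self._clock()
        return True

    def unlock(self, user):
        """Administrative reset of a locked account."""
        self._failures.pop(user, None)
```

The failure counter is keyed on the account rather than the session, so it persists across connection attempts until a successful login or an administrative unlock.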
