Ransomware Attack Cripples Power Company

A ransomware attack that hit the South African electric utility City Power from Johannesburg this morning encrypted all its systems, including databases and applications.

The incident affects one of the largest power suppliers in Johannesburg, owned by the city municipality. At the same time, customers reported multiple power outages on Twitter [1, 2, 3] but it has not been confirmed if they are related.

The attack used an unknown ransomware strain and it blocked some clients from buying electricity units using its prepaid electricity vending system according to the company.

The virus has affected our customers’ ability to vend, that is buying electricity, upload invoices, or access our website.
It may also affect our response to some outages as the system to order and dispatch material is affected. @CityofJoburgZA

— @CityPowerJhb (@CityPowerJhb) July 25, 2019

“Dear customers, please note that we are currently experiencing a problem with our prepaid vending system,” an automated voice message on City Power’s phone helpline says as per Business Insider South Africa.”We are working on this issue and hope to have it resolved by one o’clock today”.

“So far most of the IT applications and networks that were affected by the cyber attack have been cleaned up and restored,” tweeted the Johannesburg municipality.

“However, work is still continuing on some systems and applications that were affected including the uploading of invoices by our suppliers, and logging faults by customers on the website”

City Power put in place the following temporary measures and alternatives for its customers:

“Customers should not panic as none of their details were compromised. We apologise for the inconvenience caused to the people of the City of Joburg,” added the municipality. “Please be patient with us, we expect to have everything back in order by the end of Thursday,”