Ransomware Attack Cripples Power Company

A ransomware attack that hit the South African electric utility City Power from Johannesburg this morning encrypted all its systems, including databases and applications.

The incident affects one of the largest power suppliers in Johannesburg, owned by the city municipality. At the same time, customers reported multiple power outages on Twitter [1, 2, 3] but it has not been confirmed if they are related.

The attack used an unknown ransomware strain and it blocked some clients from buying electricity units using its prepaid electricity vending system according to the company.

The incident “also affected our response time to logged calls as some of internal systems to dispatch and order material have been slowed by the impact,” says the official Twitter account for the city of Johannesburg municipality.

The virus has affected our customers’ ability to vend, that is buying electricity, upload invoices, or access our website.
It may also affect our response to some outages as the system to order and dispatch material is affected. @CityofJoburgZA

— @CityPowerJhb (@CityPowerJhb) July 25, 2019

“Dear customers, please note that we are currently experiencing a problem with our prepaid vending system,” an automated voice message on City Power’s phone helpline says as per Business Insider South Africa.”We are working on this issue and hope to have it resolved by one o’clock today”.

“So far most of the IT applications and networks that were affected by the cyber attack have been cleaned up and restored,” tweeted the Johannesburg municipality.

“However, work is still continuing on some systems and applications that were affected including the uploading of invoices by our suppliers, and logging faults by customers on the website”

City Power put in place the following temporary measures and alternatives for its customers:

• Fault logging – customers may not be able to use the website, as such they are requested to log calls on their cellphones using citypower.mobi
• Submitting Invoices – Suppliers seeking to submit invoices for payments should rather bring their invoices physically to City Power offices in Booysen

“Customers should not panic as none of their details were compromised. We apologise for the inconvenience caused to the people of the City of Joburg,” added the municipality. “Please be patient with us, we expect to have everything back in order by the end of Thursday,”

Ransomware attacks have targeted a whole slew of other cities during the last two weeks, with La Porte County, Indiana, having to pay $130,000 to recover data on encrypted computer systems, Lawrenceville police asking for FBI’s help, as well as Northwest Indian College (NWIC) and New York City’s Monroe College having had their IT systems impacted.