City Power Hit by Ransomware Attack

July 29, 2019

City Power, who is responsible for providing power to Johannesburg, South Africa, said on Thursday it had been hit by a ransomware virus that had encrypted all of its databases, applications and network.

City Power said its website was down and that customers would struggle to access a number of services, such as buying electricity, uploading invoices and access to the website. It also could affect its response to some outages as the system to order and dispatch was affected.

“City Power has been hit by a virus which has led to a black out to it's IT systems. We apologise to our customers in the @CityofJoburgZA,” City Power said in a tweet.

The city of Johannesburg said in a tweet, "Customers should not panic as none of their details were compromised."

Matt Walmsley, EMEA Director at Vectra, says, “We’re seeing ransomware becoming a far more focused tactic where cybercriminals take time to profile and target organizations who they believe will have a higher likelihood of paying a meaningful level of ransom. The broad scope of disruption to City Power’s databases and other software, impacting most of their applications and networks suggest that the ransomware was able to very quickly propagate internally without impediment. The disruption to their services, as well as consumer backlash, will further compound the pressure on City Power’s IT and security teams to rapidly restore systems to a known good condition from back-ups, or chance of paying the ransom. 

To have a fighting chance, cybersecurity teams need to be able to rapidly detect and respond to pre-cursor ransomware actions such as host and file store reconnaissance behaviors and command and control signals that are a pre-cursor to the file encryption activities. As the response time available before encryption occurs can be very short, these are tasks that increasingly need to be automated by augmenting people and processes with AI systems that can work at a scale and speed humans alone simply couldn’t match. In ransomware attacks, time is the most precious resource for security teams.”

Terence Jackson, Chief Information Security Officer at Thycotic, says, “It appears that in similar fashion to the attacks that have been plaguing US cities and states, Johannesburg’s Power Body operations have been severely degraded by this attack. There hasn’t been any mention of the ransom request, but due to the severity of this attack, I’m sure it will be a hefty one. It will also be interesting to see if the Power Body has properly backed up its data.”

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 October

This month in Security magazine, we explore how Corning's global security group ensured business continuity and employee safety during the global COVID-19 pandemic. Also, we highlight the global security team at Uber and their recent security programs and initiatives. Industry experts discuss travel safety programs, career hackers, working for terrible bosses, group attribution error and more.

View More Create Account

City Power Hit by Ransomware Attack

Related Articles

Report Abusive Comment