City Power Hit by Ransomware Attack

July 29, 2019

City Power, who is responsible for providing power to Johannesburg, South Africa, said on Thursday it had been hit by a ransomware virus that had encrypted all of its databases, applications and network.

City Power said its website was down and that customers would struggle to access a number of services, such as buying electricity, uploading invoices and access to the website. It also could affect its response to some outages as the system to order and dispatch was affected.

“City Power has been hit by a virus which has led to a black out to it's IT systems. We apologise to our customers in the @CityofJoburgZA,” City Power said in a tweet.

The city of Johannesburg said in a tweet, "Customers should not panic as none of their details were compromised."

Matt Walmsley, EMEA Director at Vectra, says, “We’re seeing ransomware becoming a far more focused tactic where cybercriminals take time to profile and target organizations who they believe will have a higher likelihood of paying a meaningful level of ransom. The broad scope of disruption to City Power’s databases and other software, impacting most of their applications and networks suggest that the ransomware was able to very quickly propagate internally without impediment. The disruption to their services, as well as consumer backlash, will further compound the pressure on City Power’s IT and security teams to rapidly restore systems to a known good condition from back-ups, or chance of paying the ransom. 

To have a fighting chance, cybersecurity teams need to be able to rapidly detect and respond to pre-cursor ransomware actions such as host and file store reconnaissance behaviors and command and control signals that are a pre-cursor to the file encryption activities. As the response time available before encryption occurs can be very short, these are tasks that increasingly need to be automated by augmenting people and processes with AI systems that can work at a scale and speed humans alone simply couldn’t match. In ransomware attacks, time is the most precious resource for security teams.”

Terence Jackson, Chief Information Security Officer at Thycotic, says, “It appears that in similar fashion to the attacks that have been plaguing US cities and states, Johannesburg’s Power Body operations have been severely degraded by this attack. There hasn’t been any mention of the ransom request, but due to the severity of this attack, I’m sure it will be a hefty one. It will also be interesting to see if the Power Body has properly backed up its data.”

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

ON DEMAND: There's a lot at stake when it comes to cybersecurity. Reputation, productivity, quality. Join us to discuss the future of your global security strategy and a path forward with trusted partners Cisco and Rockwell Automation, and turn your Food & Bev security challenges into strategic advantages that drive business value.

City Power Hit by Ransomware Attack

The latest news and information

Content written for business-minded executives who manage enterprise risk and security

City Power Hit by Ransomware Attack

Related Articles

The latest news and information

Content written for business-minded executives who manage enterprise risk and security