City Power, who is responsible for providing power to Johannesburg, South Africa, said on Thursday it had been hit by a ransomware virus that had encrypted all of its databases, applications and network.

City Power said its website was down and that customers would struggle to access a number of services, such as buying electricity, uploading invoices and access to the website. It also could affect its response to some outages as the system to order and dispatch was affected. 

“City Power has been hit by a virus which has led to a black out to it's IT systems. We apologise to our customers in the @CityofJoburgZA,” City Power said in a tweet.

The city of Johannesburg said in a tweet, "Customers should not panic as none of their details were compromised."

Matt Walmsley, EMEA Director at Vectra, says, “We’re seeing ransomware becoming a far more focused tactic where cybercriminals take time to profile and target organizations who they believe will have a higher likelihood of paying a meaningful level of ransom. The broad scope of disruption to City Power’s databases and other software, impacting most of their applications and networks suggest that the ransomware was able to very quickly propagate internally without impediment. The disruption to their services, as well as consumer backlash, will further compound the pressure on City Power’s IT and security teams to rapidly restore systems to a known good condition from back-ups, or chance of paying the ransom.   

To have a fighting chance, cybersecurity teams need to be able to rapidly detect and respond to pre-cursor ransomware actions such as host and file store reconnaissance behaviors and command and control signals that are a pre-cursor to the file encryption activities. As the response time available before encryption occurs can be very short, these are tasks that increasingly need to be automated by augmenting people and processes with AI systems that can work at a scale and speed humans alone simply couldn’t match. In ransomware attacks, time is the most precious resource for security teams.” 

Terence Jackson, Chief Information Security Officer at Thycotic, says, “It appears that in similar fashion to the attacks that have been plaguing US cities and states, Johannesburg’s Power Body operations have been severely degraded by this attack. There hasn’t been any mention of the ransom request, but due to the severity of this attack, I’m sure it will be a hefty one. It will also be interesting to see if the Power Body has properly backed up its data.”