Security Experts:

Ransomware Causes Disruptions at Johannesburg Power Company

City Power, the power company in the South African city of Johannesburg, has suffered serious disruptions after its systems became infected with a piece of ransomware.

The electricity provider and local authorities informed residents on Twitter that a “ransomware virus” encrypted all its databases and applications, and impacted most of its network. The incident, which began early on Thursday morning (local time), has caused the company’s website and electricity vending systems to become unavailable, preventing many from acquiring electricity units and leaving them in the dark.

City Power customers are provided prepaid power meters and the amount of electricity they can consume depends on how many electricity units they acquire and upload to their meters.

Roughly six hours after the incident was first announced, the City of Johannesburg said on Twitter that most of the impacted applications and networks had been cleaned up and restored, but the City Power website and systems designed to allow suppliers to upload invoices remained offline.

Learn More About Threats Faced by the Energy Sector at SecurityWeek’s ICS Cyber Security Conference

“This [incident] will also affected our response time to logged calls as some of internal systems to dispatch and order material have been slowed by the impact,” the city said.

However, it sought to reassure customers that their personal information was not compromised as a result of the incident. It’s unclear what piece of ransomware was involved.

“Ransomware virus is known globally to be operated by syndicates seeking to solicit money. We want to assure residents of Johannesburg that City Power systems were able to proactively intercept this and managed to deal with it quickly,” customers have been told.

The company’s main website still appears to be inaccessible at the time of writing, but electricity vending systems should be back online and customers have been provided an alternative site where they can report problems.

Matt Walmsley, EMEA Director at Vectra, commented on the incident, “We’re seeing ransomware becoming a far more focused tactic where cybercriminals take time to profile and target organisations who they believe will have a higher likelihood of paying a meaningful level of ransom.”

“The broad scope of disruption to City Power’s databases and other software, impacting most of their applications and networks suggest that the ransomware was able to very quickly propagate internally without impediment. The disruption to their services and consumer backlash will further compound the pressure on City Power’s IT and security teams to rapidly restore systems to a known good condition from back-ups, or chance of paying the ransom,” he added.

Several major industrial firms have been hit by ransomware in recent months, including metals and energy giant Norsk Hydro, aircraft parts maker ASCO Industries, chemical companies Hexion and Momentive, and special-purpose vehicle maker Aebi Schmidt.

Related: DoS Attack Blamed for U.S. Grid Disruptions

Related: Cyberattacks Against Energy Sector Are Higher Than Average

Related: Energy Sector Most Impacted by ICS Flaws, Attacks

Related: As Ransomware Rages, Debate Heats Up on Response

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.