Security Experts:

Connect with us

Hi, what are you looking for?



Ransomware Causes Disruptions at Johannesburg Power Company

City Power, the power company in the South African city of Johannesburg, has suffered serious disruptions after its systems became infected with a piece of ransomware.

City Power, the power company in the South African city of Johannesburg, has suffered serious disruptions after its systems became infected with a piece of ransomware.

The electricity provider and local authorities informed residents on Twitter that a “ransomware virus” encrypted all its databases and applications, and impacted most of its network. The incident, which began early on Thursday morning (local time), has caused the company’s website and electricity vending systems to become unavailable, preventing many from acquiring electricity units and leaving them in the dark.

City Power customers are provided prepaid power meters and the amount of electricity they can consume depends on how many electricity units they acquire and upload to their meters.

Roughly six hours after the incident was first announced, the City of Johannesburg said on Twitter that most of the impacted applications and networks had been cleaned up and restored, but the City Power website and systems designed to allow suppliers to upload invoices remained offline.

Learn More About Threats Faced by the Energy Sector at SecurityWeek’s ICS Cyber Security Conference

“This [incident] will also affected our response time to logged calls as some of internal systems to dispatch and order material have been slowed by the impact,” the city said.

However, it sought to reassure customers that their personal information was not compromised as a result of the incident. It’s unclear what piece of ransomware was involved.

“Ransomware virus is known globally to be operated by syndicates seeking to solicit money. We want to assure residents of Johannesburg that City Power systems were able to proactively intercept this and managed to deal with it quickly,” customers have been told.

The company’s main website still appears to be inaccessible at the time of writing, but electricity vending systems should be back online and customers have been provided an alternative site where they can report problems.

Matt Walmsley, EMEA Director at Vectra, commented on the incident, “We’re seeing ransomware becoming a far more focused tactic where cybercriminals take time to profile and target organisations who they believe will have a higher likelihood of paying a meaningful level of ransom.”

“The broad scope of disruption to City Power’s databases and other software, impacting most of their applications and networks suggest that the ransomware was able to very quickly propagate internally without impediment. The disruption to their services and consumer backlash will further compound the pressure on City Power’s IT and security teams to rapidly restore systems to a known good condition from back-ups, or chance of paying the ransom,” he added.

Several major industrial firms have been hit by ransomware in recent months, including metals and energy giant Norsk Hydro, aircraft parts maker ASCO Industries, chemical companies Hexion and Momentive, and special-purpose vehicle maker Aebi Schmidt.

Related: DoS Attack Blamed for U.S. Grid Disruptions

Related: Cyberattacks Against Energy Sector Are Higher Than Average

Related: Energy Sector Most Impacted by ICS Flaws, Attacks

Related: As Ransomware Rages, Debate Heats Up on Response

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.