Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Ransomware Causes Disruptions at Johannesburg Power Company

City Power, the power company in the South African city of Johannesburg, has suffered serious disruptions after its systems became infected with a piece of ransomware.

City Power, the power company in the South African city of Johannesburg, has suffered serious disruptions after its systems became infected with a piece of ransomware.

The electricity provider and local authorities informed residents on Twitter that a “ransomware virus” encrypted all its databases and applications, and impacted most of its network. The incident, which began early on Thursday morning (local time), has caused the company’s website and electricity vending systems to become unavailable, preventing many from acquiring electricity units and leaving them in the dark.

City Power customers are provided prepaid power meters and the amount of electricity they can consume depends on how many electricity units they acquire and upload to their meters.

Roughly six hours after the incident was first announced, the City of Johannesburg said on Twitter that most of the impacted applications and networks had been cleaned up and restored, but the City Power website and systems designed to allow suppliers to upload invoices remained offline.

Learn More About Threats Faced by the Energy Sector at SecurityWeek’s ICS Cyber Security Conference

“This [incident] will also affected our response time to logged calls as some of internal systems to dispatch and order material have been slowed by the impact,” the city said.

However, it sought to reassure customers that their personal information was not compromised as a result of the incident. It’s unclear what piece of ransomware was involved.

“Ransomware virus is known globally to be operated by syndicates seeking to solicit money. We want to assure residents of Johannesburg that City Power systems were able to proactively intercept this and managed to deal with it quickly,” customers have been told.

Advertisement. Scroll to continue reading.

The company’s main website still appears to be inaccessible at the time of writing, but electricity vending systems should be back online and customers have been provided an alternative site where they can report problems.

Matt Walmsley, EMEA Director at Vectra, commented on the incident, “We’re seeing ransomware becoming a far more focused tactic where cybercriminals take time to profile and target organisations who they believe will have a higher likelihood of paying a meaningful level of ransom.”

“The broad scope of disruption to City Power’s databases and other software, impacting most of their applications and networks suggest that the ransomware was able to very quickly propagate internally without impediment. The disruption to their services and consumer backlash will further compound the pressure on City Power’s IT and security teams to rapidly restore systems to a known good condition from back-ups, or chance of paying the ransom,” he added.

Several major industrial firms have been hit by ransomware in recent months, including metals and energy giant Norsk Hydro, aircraft parts maker ASCO Industries, chemical companies Hexion and Momentive, and special-purpose vehicle maker Aebi Schmidt.

Related: DoS Attack Blamed for U.S. Grid Disruptions

Related: Cyberattacks Against Energy Sector Are Higher Than Average

Related: Energy Sector Most Impacted by ICS Flaws, Attacks

Related: As Ransomware Rages, Debate Heats Up on Response

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...