27.7.19

South African power company battles ransomware attack


The power utility appears to be well on track to a swift recovery following an attack that ultimately left some people without electricity.
City Power, one of the companies that supply electricity to South Africa’s biggest city, Johannesburg, is grappling with a ransomware attack that left some residents without power, according to Reuters.
The unspecified ransomware strain “has encrypted all our databases, applications and network”, reads the utility’s announcement from early Thursday local time.
The affected applications include the company’s prepaid vending system, which made it impossible for people to ‘refill’ their accounts and buy electricity units. As ZDNet notes, all this occurred on payday (the 25th) for many South Africans, who would then go on to pay for new electricity packages for the upcoming month.
The City of Johannesburg, which owns the utility, apologized for the “inconvenience” and said that its response to outages may be delayed after the system for ordering and dispatching material was also affected. The grid itself was not impacted.
No details about the attack vector or the criminals’ demands are available. The municipality was quick to reassure customers that their personal information had not been exfiltrated by cybercriminals – unlike the case, for example, with the ever more frequent data breaches.
Meanwhile, the utility is working ’round the clock to restore its systems. “If everything goes according to plan, everything should be restored by Friday,” it said. The company’s website, for one, remains inaccessible as of the time of writing.
The municipality appears not to have followed in the footsteps of two cities in the US state of Florida, which recently decided to cough up some hefty money to ransomware extortionists.
In closing, a quick aside: While this wasn’t the case with the incident at City Power, attacks aimed at electricity supply interruption aren’t unheard of. Ukraine, for one, has experienced two attack-induced blackouts in recent years. ESET researchers have analyzed samples of malware known as Industroyer that was probably to blame for an hour-long outage that hit parts of Kiev and nearby areas in December 2016. That piece of malicious code was found to be capable of controlling electricity substation switches and circuit breakers directly, including in some cases literally switching them off and on.