The power utility appears to be well on track to a swift recovery following an attack that ultimately left some people without electricity.

City Power, one of the companies that supplies electricity to South Africa’s biggest city, Johannesburg, is grappling with a ransomware attack that left some residents without power, according to Reuters.

The unspecified ransomware strain “has encrypted all our databases, applications and network”, reads the utility’s announcement from early Thursday local time.

The applications that were affected include the company’s prepaid vending system, which made it impossible for people to ‘refill’ their accounts and buy electricity units. As ZDNet notes, all this occurred on the 25th, which is payday for many South Africans, who would then go on to pay for new electricity packages for the upcoming month.

The City of Johannesburg, which owns the utility, apologized for the “inconvenience” and said that its response to outages may be delayed after the system for ordering and dispatching material was also affected. The grid itself was not impacted.

No details about the attack vector or the criminals’ demands are available. The municipality was quick to reassure customers that their personal information had not been exfiltrated by cybercriminals, unlike what happens, for example, in the ever more frequent data breaches.

Meanwhile, the utility is working ’round the clock to restore its systems. “If everything goes according to plan, everything should be restored by Friday,” it said. The company’s website, for one, remains inaccessible as of the time of writing.

The municipality appears not to have followed in the footsteps of two cities in the US state of Florida, which recently decided to cough up hefty sums to ransomware extortionists.

In closing, a quick aside: While this wasn’t the case with the incident at City Power, attacks aimed at interrupting the electricity supply aren’t unheard of. Ukraine, for one, has experienced two attack-induced blackouts in recent years. ESET researchers have analyzed samples of malware known as Industroyer, which was probably to blame for an hour-long outage that hit parts of Kiev and nearby areas in December 2016. That piece of malicious code was found to be capable of controlling electricity substation switches and circuit breakers directly, including in some cases literally switching them off and on.