City Power, one of the largest power companies in Johannesburg, South Africa, has announced that they have been crippled by ransomware. On July 25, City Power’s official Twitter account stated the following in a series of tweets:
"City Power has been hit by a ransomware virus. It has encrypted all our databases, applications and network. Currently our ICT department is cleaning and rebuilding all impacted applications... Customers may not be able to visit our website and may not be able to buy electricity units until our ICT department has sorted the matter out. Customers and stakeholders will be updated as and when new information becomes available... Due to software problem that we currently have customers and stakeholders may not be able to upload invoices when making payments."
The ransomware variant utilized in the City Power attack is currently unknown, but it is clear that the strain was a rather powerful one. Additionally, City Power is staying tight-lipped about how the ransomware found its way into the network in the first place. Based on countless incidents like this in the past, however, the most likely conclusion is that a social engineering attack caused the infection. In most cases of ransomware, it simply takes one ignorant individual to open an email and its subsequent payload to give threat actors free rein over a network.
As Bleeping Computer’s Sergiu Gatlan noted in his own report on the City Power ransomware attack, there have been numerous reports of power outages by customers of the provider. It is not known whether this is linked to the attack, but it is suspicious that these separate incidents occurred so close to the time of infection. If these outages are linked, it will only add to the large expense that ransomware attacks of this magnitude incur.
Cities and utilities are increasingly becoming victims of ransomware as hackers search for soft targets with big pockets, and we have already reported on the devastating attack against Atlanta that took place last year. This incident proves cybercriminals are far from done with this strategy.