South Africa

POWER HIT

Cyber crooks try to hold Johannesburg’s City Power to ransom

Cyber crooks try to hold Johannesburg’s City Power to ransom
A ransomware attack hit Johannesburg’s City Power on Thursday. (Photo: Roger Gordon/Flickr)

After a cyber-attack that debilitated its servers, Johannesburg’s City Power says it has successfully restored electricity vending within hours of the security breach being identified.

Some residents of Johannesburg were left in the dark as a ransomware attack took out the City’s power servers, preventing residents from being able to purchase and upload electricity units.

The attack was identified in the early hours of Thursday 25 July, according to spokesperson Isaac Mangena. Starting at 8.30am on the 25th, City Power’s official Twitter account, @CityPowerJHB, issued a series of tweets explaining the situation.

According to Adam Oxford, a freelance technology journalist, “Ransomware is a type of cyber attack in which a malicious program finds its way on to a computer system or network, and the damaging payload of that program will be to destroy data or encrypt it to the point where it is irretrievable.”

The attacked company is told to pay a ransom to decrypt data that is comprised in a ransomware attack. Oxford told Daily Maverick that ransoms are usually paid in a cryptocurrency such as Bitcoin into anonymous bank accounts in exchange for a decryption key.

But, according to Mangena, the City refused to pay the ransom. Although he would not reveal the ransom amount, Mangena told Daily Maverick, “As a matter of principle we do not pay ransoms.”

Without a decryption key, the City was left with two options: try to manually decrypt their servers and the affected data, or reconstruct their data and servers using unaffected backups.

In a statement issued a few hours after the attack was revealed on Twitter, City Power claimed that “most of the IT applications and networks that were affected by the cyberattack have been cleaned up and restored” with Mangena telling Daily Maverick the City was using unaffected backups to restore functionality.

However, due to the sensitivity of this matter and the fact that City Power and its head office where the system is situated is a national key point, some aspects of the matter have been taken up and treated as national cyber security issues.”

While there is a chance that the attack was specifically targeted, Oxford said that phishing emails containing ransomware are frequently sent in bulk without specific targets.

Most of the ransomware attacks are very highly automated – they’re not particularly targeted at any organisation. They’re distributed via email, they infect systems by people clicking on an email attachment and they can start spreading and encrypting as soon as the attachment is opened.”

City Power has reassured its clients that no personal information was compromised. By close of business on the same day City Power says they discovered the attack, electricity vending had already been restored.

According to Mangena, vending “was our priority as we didn’t want to inconvenience our customers who were unable to purchase electricity in this cold weather”.

However, at the time of publishing late on Thursday, City Power had not yet been able to restore its website’s functionality.

This is a concern because with today being the 25th it’s the day suppliers will log invoices so that they can be paid for work done. It means they won’t be able to. We have appealed to them to submit directly by physically walking into our offices in Booysens to do the submissions while we are busy with the problem,” Mangena told Daily Maverick.

Despite this, Oxford was impressed with the way City Power managed the situation.

People don’t talk about when they get attacked, they’re so frightened of brand damage and negative publicity, but actually we should be celebrating organisations that say, ‘Look, ransomware attacks are going to happen to everybody.’ These are highly automated attacks – if you’ve got an email address you are at risk of being attacked by ransomware.” DM

Gallery

Please peer review 3 community comments before your comment can be posted

X

This article is free to read.

Sign up for free or sign in to continue reading.

Unlike our competitors, we don’t force you to pay to read the news but we do need your email address to make your experience better.


Nearly there! Create a password to finish signing up with us:

Please enter your password or get a sign in link if you’ve forgotten

Open Sesame! Thanks for signing up.

Make your taxes work for you

Donate to Daily Maverick’s non-profit arm, the Scorpio Investigative Unit, by 29 February 2024 and you’ll qualify for a tax break.

We issue Section 18A tax certificates for all donations made to Daily Maverick. These can be presented to SARS for tax relief.

Make your donation today

Support Daily Maverick→
Payment options

Daily Maverick The Gathering 2024 banner

Daily Maverick has secured an esteemed speaker line-up...

to help make sense of Elections 2024.

Trevor Manuel, Prof Thuli Madonsela and Minister Ronald Lamola are among the latest panellists confirmed for Daily Maverick The Gathering Twenty Twenty-Four.

Join us, on Thurs 14 March 2024 at CTICC Cape Town or online wherever you are, for an event that will put the election in perspective.

Become a Maverick Insider

This could have been a paywall

On another site this would have been a paywall. Maverick Insider keeps our content free for all.

Become an Insider