25th July, 2019
Johannesburg’s power utility City Power has been hit by ransomware, it tweeted on Thursday morning, crippling its website and invoicing system.
“City Power has been hit by a Ransomware virus. it has encrypted all our databases, applications and network. Currently our ICT department is cleaning and rebuilding all impacted applications,” the thread began.
“Customers may not be able to visit our website and may not be able to buy electricity units until our ICT department has sorted the matter out, Customers and stakeholders will be updated as and when new information becomes available.”
“As a result, customers may also find it a struggle to upload invoices for confirmation of payments”.
The utility noted that its mobile website, however, remains accessible. And if you desperately need to yell at someone over at City Power, the hotline numbers can be found on the mirror website, cached by Google.
In later updates, the City revealed some areas affected by the virus and those most hit by the virus.
“Joburg prepaid electricity users left in the dark as City Power crippled by computer virus
“Cowley Road Distributor tripped, affecting the following areas: Petervale and Bryanston. Technicians will be dispatched to investigate and work on restorations.”.
The power agency however assured it was trying to untangle itself from the visrus.
“Ransomware virus is known globally to be operated by syndicates seeking to solicit money. We want to assure residents of Johannesburg that City Power systems were able to proactively intercept this and managed to deal with it quickly”, it tweeted @CityPowerJHB
News24 reporting on the glitch wrote:
A computer virus which has hit City Power has resulted in a blackout to its internet technology system, leaving scores of Johannesburg residents unable to purchase electricity, as their kilowatts approach 0.00.
The power utility’s spokesperson Isaac Mangena said the virus had attacked its database and other software, impacting on most of its applications and networks.
The virus has also prevented those who had already bought their electricity from uploading it to their meter boxes.
The City Power website is also affected by the virus.
“It may also affect our response to some outages, as the system to order and dispatch material is affected. City Power IT team has been working since early morning 01:00 to fix this problem,” Mangena said.
What is ransomware?
It’s not clear to what degree the ransomware has affected City Power’s ICT infrastructure, but either way, the affliction is a bit of a digital headache, reported memebun.com The malware would encrypt all data it can find, locking it away behind a ransom.
Ransomware commonly infects machines using two methods, according to security firm ESET: “Either through spam emails that manipulate victims (employees) into clicking on malicious links or into download of a malicious attachment; or by brute-forcing weak passwords used for remote access,” it told Memeburn in an email.
Arguably the most famous ransomware, WannaCry, struck multiple companies across the world in 2017, affecting more than 250 000 computers. The likes of Britain’s healthcare services, car manufacturer Nissan was also affected.
NotPetya came along a few days later.
City Power failed to provide an estimate on how long the issue will linger but according to ESET, it could take months in the worst case scenario.
“If there is a decryption tool available for the ransomware family (and variant) in question, recovery may only take a few hours. If the affected organisation is forced to restore its systems from backups it can take between a few hours to a few days to bring everything back online,” the firm added.