On Thursday, residents of Johannesburg, South Africa’s largest city, experienced significant disruptions as their power provider, City Power, fell victim to a ransomware attack. The malware managed to encrypt the company’s databases and applications, severely impacting its operations.
City Power issued a statement via Twitter, confirming the ransomware incident that occurred early in the morning. The attack rendered it impossible for customers to purchase prepaid electricity units or access billing information through the City Power website, leaving many without power as a result.
The city government communicated that they faced considerable challenges following the breach, stating, “The virus compromised our database and software, affecting critical applications and networks.” Fortunately, the company also reassured users that their personal information remained secure during this incident.
As of now, City Power has made notable progress in restoring electricity in several areas, in addition to reviving most essential operations, including systems that enable customers to acquire prepaid electricity. Yet, customers are still unable to access the City Power website to report faults and are advised to use their mobile devices to log calls via the alternate site citypower.mobi.
Cybersecurity experts are estimating that full restoration efforts may take weeks, highlighting the complexities involved in thoroughly cleaning up after such an attack. The financial repercussions could also be profound; previous incidents in other municipalities have seen recovery costs soaring into the millions.
While specific details about the ransomware variant exploited in this incident have not been disclosed, nor have confirmation of backups for critical data, officials are clearly urging patience from the public. A government tweet stated, “We apologize for the inconvenience caused and expect to have everything back in order soon.”
Johannesburg is not isolated in this trend; numerous cities are increasingly falling prey to similar ransomware attacks. Recent months have seen several municipalities targeted, with notable incidents reported in Florida where local governments paid hundreds of thousands of dollars to reclaim access to encrypted files.
Federal authorities and cybersecurity specialists warn against paying ransoms, advising that it not only emboldens cybercriminals but also offers no guarantees for the restoration of files or systems. Companies are encouraged to invest in robust backup solutions and to train employees on best practices to mitigate the risks associated with such cyber threats.
In this context, the tactics likely employed in the Johannesburg attack could include initial access, leveraging phishing for entry, persistence to maintain long-term access, and privilege escalation to gain control over administrative resources within the infrastructure. The incident serves as a stark reminder of the pervasive threat posed by cyberattacks and the need for vigilance among businesses and municipalities alike.
