A company responsible for providing electricity to the South African city of Johannesburg disclosed that it fell victim to a ransomware attack.
On 25 July, City Power disclosed on Twitter how the attack had affected all of its databases and applications as well as its network.
#Update City Power has been hit by a Ransomware virus. it has encrypted all our databases, applications and network. Currently our ICT department is cleaning and rebuilding all impacted applications.^GR
— @CityPowerJhb (@CityPowerJhb) July 25, 2019
In subsequent tweets, the electricity provider noted that customers might have a difficult time accessing its website until it had fully restore all assets encrypted by the infection. It therefore instructed customers to use citypower.mobi in order to log calls. At the same time, the company said that customers might encounter some difficulty in purchasing electrical units as well as uploading invoices when attempting to make payments.
City Power also said that the attack might affect its ability to respond to certain outages as the result of the attack having affected its dispatching system.
According to Reuters, City Power customers have already begun calling into a local radio station claiming that they had lost power as a result of the ransomware attack.
This isn’t the first time in recent memory where ransomware has targeted a municipality. Back in May, news emerged of how a Robbinhood ransomware attack had affected the email systems, phone lines and online bill payment applications of the City of Baltimore. These reports came approximately one month before Lake City in Florida suffered a “triple threat” infection in which digital attackers used Emotet and Trickbot to distribute Ryuk ransomware. The municipality subsequently met the attackers’ demands of $460,000 in bitcoin. Shortly thereafter, the City fired its IT director.
Per its Twitter account, City Power said that its ICT department is currently working to sort out the matter.
Organizations should use this most recent attack as well as those that struck Baltimore and Lake City as an opportunity to strengthen their defenses against a ransomware attack. They can start by taking certain precautions so as to prevent an infection in the first place. This is a good place to start towards that end.