A ransomware attack aimed at City Power, the electricity provider for Johannesburg (aka Joburg), South Africa, has left some residents temporarily without power.
While the provider’s operational technology (OT) network hasn’t been hit, the IT disruption prevented customers from buying electricity through its pre-paid vending system.
About the attack
City Power, which is owned by the City of Johannesburg, didn’t name the ransomware that started wreaking chaos on Thursday.
Through the City of Joburg’s official Twitter account, consumers were informed that the “virus”:
- Attacked the company’s database and software, impacting most of their applications and networks
- Affected their customers’ ability to buy electricity, upload invoices, or access their website
- May affect the company’s response to some outages as the system to order and dispatch material is affected.
“So far most of the IT applications and networks that were affected by the cyber attack have been cleaned up and restored,” they reassured. “However, work is still continuing on some systems and applications that were affected including the uploading of invoices by our suppliers, and logging faults by customers on the website.”
Citizens were also told that new service connections were not affected by the cyber attack and that none of their details were compromised.
According to City Power, most critical applications that were affected by the virus attack had been restored by Thursday evening (including the pre-paid vending system that enables customers to buy electricity).
Suppliers are still affected by the crisis and are unable to log their invoices for payments.
We appeal to them to physically bring the invoices to City Power in Booysens for processing.
Customers seeking to access the website to log faults are still not able to do so.
— @CityPowerJhb (@CityPowerJhb) July 26, 2019
“City Power will continue to work throughout the night to recover the systems and restore remaining applications. We are hoping that if everything goes according to plan, everything should be restored by Friday,” the electricity provider said just a few hours ago.
Ransomware disrupting critical infrastructure
Security experts have long been worrying about malware disrupting OT systems on which critical infrastructure depends, but ransomware that doesn’t specifically go after those systems is proving to be nearly as bad.
“Cities, and especially their infrastructure sites, are usually a low-hanging fruit for unscrupulous cyber gangs. These victims will almost inevitably pay the ransom as all other avenues are either unreliable or too expensive,” Ilia Kolochenko, CEO, ImmuniWeb, told Help Net Security.
“Crypto currencies make such crimes technically uninvestigatable in most cases, letting the wrongdoers enjoy impunity. Law enforcement agencies are already overburdened with an increasingly growing pipeline of sophisticated investigations, often aggravated by continuous lack of financing and unfriendly colleagues from foreign jurisdictions. Unless governments develop, finance and duly enforce security regulations purported to safeguard cities and municipalities, we will soon dive into a darkness, facing grave accidents involving airports and other objects of critical infrastructure.”
Dave Weinstein, CSO of Claroty, pointed out that attackers need not necessarily access control systems anymore to impact something as critical as electric distribution.
“The convergence of traditional IT systems like databases and OT systems like industrial control systems (ICS) poses serious risk to public utilities all over the world,” he added.