Johannesburg’s power utility City Power has been hit by ransomware, it tweeted on Thursday morning, crippling its website and invoicing system.
“City Power has been hit by a Ransomware virus. it has encrypted all our databases, applications and network. Currently our ICT department is cleaning and rebuilding all impacted applications,” the thread began.
#Update City Power has been hit by a Ransomware virus. it has encrypted all our databases, applications and network. Currently our ICT department is cleaning and rebuilding all impacted applications.^GR
— @CityPowerJhb (@CityPowerJhb) July 25, 2019
“Customers may not be able to visit our website and may not be able to buy electricity units until our ICT department has sorted the matter out, Customers and stakeholders will be updated as and when new information becomes available.”
As a result, customers may also find it a struggle to upload invoices for confirmation of payments.
The utility noted that its mobile website, however, remains accessible. And if you desperately need to yell at someone over at City Power, the hotline numbers can be found on the mirror website, cached by Google.
What is ransomware?
It’s not clear to what degree the ransomware has affected City Power’s ICT infrastructure, but either way, the affliction is a bit of a digital headache. Ransomware encrypts all the data it can find, locking it away behind a ransom.
Ransomware commonly infects machines using two methods, according to security firm ESET: “Either through spam emails that manipulate victims (employees) into clicking on malicious links or into download of a malicious attachment; or by brute-forcing weak passwords used for remote access,” it told Memeburn in an email.
Arguably the most famous ransomware, WannaCry, struck multiple companies across the world in 2017, affecting more than 250 000 computers. The likes of Britain’s healthcare services and car manufacturer Nissan were also affected.
NotPetya came along a few days later.
City Power failed to provide an estimate of how long the issue will linger, but according to ESET, it could take months in the worst-case scenario.
“If there is a decryption tool available for the ransomware family (and variant) in question, recovery may only take a few hours. If the affected organisation is forced to restore its systems from backups it can take between a few hours to a few days to bring everything back online,” the firm added.
Updated the article with comments from ESET.
Feature image: Kelly Sikkema via Unsplash