City Power, one of the largest power suppliers in South Africa‘s Johannesburg, was hit by a ransomware infection which said to have crippled and encrypted all its databases, applications and network.
This resulted in a blackout of its IT systems, leaving some of the city's residents without any elecricity.
The ransomware attack came during a time when Johannesburg was under a grip of cold weather.
With temperature falling to about 5 degrees celsius at night, City Power has urged city residents to use power sparingly to avoid unplanned power outages. The power supplier earlier said that its grid was already experiencing capacity constraints due to cold temperatures.
The company also said that the attack impacted vendors, who couldn’t upload invoices or access its website.
The virus has affected our customers' ability to vend, that is buying electricity, upload invoices, or access our website.
It may also affect our response to some outages as the system to order and dispatch material is affected. @CityofJoburgZA— @CityPowerJhb (@CityPowerJhb) July 25, 2019
City Power was just one of the several companies hit by ransomware in recent months.
Previously, Lake City officials approved a huge payment of nearly $500,000 after a Ryuk ransomware attack encrypted the city’s IT network. Jackson County officials in Georgia, in a similar attack, paid $400,000 to cyber-criminals to get rid of a ransomware infection, and La Porte County, Indiana, paid $130,000 to recover data on from its encrypted computer systems.
But here, City Power refused to pay the ransom.
“As a matter of principle we do not pay ransoms," said the utility's spokesperson Isaac Mangena.
Without a decryption key, the City was left with two options: try to manually decrypt their servers and the affected data, or reconstruct their data and servers using unaffected backups.
City Power IT teams have worked over night and will continue to work throughout Friday and the weekend to ensure the recovery is completed.
We thank the residents of the City of Johannesburg for their patience during this time, and we apologise for the inconvenience caused.— @CityPowerJhb (@CityPowerJhb) July 26, 2019
Working with its "strategic external partners" that are experts in cyber security, Mangena said that the company managed to restore most of its information technology systems, including the pre-paid electricity vending system.
Fortunately, the company had timely backup in place, allowing it to recover and restore the impacted applications, giving the ability to thwart the attacks.
"Today [Friday], the server which is supplying large server users, has been restored and now they can be able to vend," Mangena said.
"The team have been working throughout the night and they will continue to work to ensure that the recovery and restoring process is finalized. Also, our cyber security investigators have been working as well to determine where the virus has come from and who is responsible for it. They are treating this as a security threat."
City Power claimed that "most of the IT applications and networks that were affected by the cyberattack have been cleaned up and restored", reassuring its clients that no personal information was compromised.
On the same day City Power said that they discovered the attack, electricity vending had already been restored.
It “was our priority as we didn’t want to inconvenience our customers who were unable to purchase electricity in this cold weather," said Mangena.