After a cyber-attack that debilitated its servers, Johannesburg’s City Power says it has successfully restored electricity vending within hours of the security breach being identified.
Some residents of Johannesburg were left in the dark as a ransomware attack took out the City’s power servers, preventing residents from being able to purchase and upload electricity units.
The attack was identified in the early hours of Thursday 25 July, according to spokesperson Isaac Mangena. Starting at 8.30am on the 25th, City Power’s official Twitter account, @CityPowerJHB, issued a series of tweets explaining the situation.
According to Adam Oxford, a freelance technology journalist, “Ransomware is a type of cyber attack in which a malicious program finds its way on to a computer system or network, and the damaging payload of that program will be to destroy data or encrypt it to the point where it is irretrievable.”
The attacked company is told to pay a ransom to decrypt data that is comprised in a ransomware attack. Oxford told Daily Maverick that ransoms are usually paid in a cryptocurrency such as Bitcoin into anonymous bank accounts in exchange for a decryption key.
But, according to Mangena, the City refused to pay the ransom. Although he would not reveal the ransom amount, Mangena told Daily Maverick, “As a matter of principle we do not pay ransoms.”
Without a decryption key, the City was left with two options: try to manually decrypt their servers and the affected data, or reconstruct their data and servers using unaffected backups.
In a statement issued a few hours after the attack was revealed on Twitter, City Power claimed that “most of the IT applications and networks that were affected by the cyberattack have been cleaned up and restored” with Mangena telling Daily Maverick the City was using unaffected backups to restore functionality.
“However, due to the sensitivity of this matter and the fact that City Power and its head office where the system is situated is a national key point, some aspects of the matter have been taken up and treated as national cyber security issues.”
While there is a chance that the attack was specifically targeted, Oxford said that phishing emails containing ransomware are frequently sent in bulk without specific targets.
“Most of the ransomware attacks are very highly automated – they’re not particularly targeted at any organisation. They’re distributed via email, they infect systems by people clicking on an email attachment and they can start spreading and encrypting as soon as the attachment is opened.”
City Power has reassured its clients that no personal information was compromised. By close of business on the same day City Power says they discovered the attack, electricity vending had already been restored.
According to Mangena, vending “was our priority as we didn’t want to inconvenience our customers who were unable to purchase electricity in this cold weather”.
However, at the time of publishing late on Thursday, City Power had not yet been able to restore its website’s functionality.