
Developing

Joburg City Power grid locked by ransomware virus

The power authority was hit by a ransomware virus, preventing customers from buying prepaid electricity. BRYAN TURNER unpacks the outage

Johannesburg City Power customers are about to be left in the dark, thanks to a ransomware virus which encrypted all its databases and applications that run the entity’s payment and invoicing systems.

What happened?

Ransomware is a type of virus that locks a user’s files and databases until they pay a ransom in an online cryptocurrency to get their data back. These types of attacks generally target small businesses, but can also hit larger organisations that lack ransomware protection.

In an announcement on City Power’s Twitter feed, the government entity confirmed: “The virus has affected customers’ ability to vend, that is buying electricity, upload invoices, or access our website.” Not all systems have been taken down. While the desktop website is unavailable, calls can still be logged on the mobile website at citypower.mobi.

Why did it happen?

In research published by World Wide Worx in partnership with VMware and Trend Micro (see http://bit.ly/secure2019), the market research consultancy found the biggest shortcoming in cybersecurity preparedness was outdated software. The report found that an enormous 77% of IT decision-makers reported that outdated software makes their organisations highly vulnerable. In terms of additional vulnerability factors, senior management not understanding the risk slots in close behind, indicating a massive need for education and a need for a new approach to security, where it is an intrinsic part of the systems deployed by business.

What do the data and security experts say?

Kate Mollett, Africa’s regional manager at Veeam, a leader in data backup and recovery, says: “Downtime is not just an IT problem, it’s the entire leadership team’s problem. In South Africa, there is an interesting trend to hire senior Data Protection Officers, whose core responsibility is to ensure that business data is protected and available, no matter where it resides.”  

Matt Lawrence, head of Incident Response at F-Secure, says: “Having a strong response strategy, including mitigating a spreading attack and ensuring back-ups are reliable and well-tested, will drastically reduce the impact of an attack. Without these steps in place, ransomware victims will be forced to endure lengthy and costly downtimes as their security team restores functionality and combs through their systems to ensure the malicious files are properly removed.”

Is South Africa alone?

Government organisations in the US are also being targeted by this type of virus. Last month, The New York Times reported on a city in Florida, USA, that paid the ransom to unlock the data. The city council set a precedent for quietly allowing the city to comply with cyber attackers. The ransom was 65 Bitcoin, or about $600,000.

What now?

It is unclear when the systems will be brought back online, whether City Power had a backup, or whether records on its systems will be lost forever. In a statement on Twitter, City Power said: “Currently, our ICT department is cleaning and rebuilding all impacted applications.”

Gadget will report more on this story as it develops.
