Ransomware attack causes blackout in Johannesburg, South Africa

Cyberattacks against critical infrastructure have become common, system audit experts mention; groups of threat actors are constantly developing new ways of compromising critical sectors of industry and public services seeking economic benefits or even interfering in the political life of the attacked territory.

This time, a ransomware infection has been reported on the systems of one of South Africa’s leading power suppliers, specifically in the capital, Johannesburg. The incident was surprising and left thousands of residents without electric power.

The company affected by the incident, City Power, provides a prepaid electricity distribution service for local residents and companies. According to the company’s report, the encryption malware blocked access to databases, internal networks, web applications and the official City Power site.

The infection was detected Wednesday night. As mentioned by system audit specialists, the incident has prevented citizens from accessing the company’s prepaid services; In addition, entrepreneurs who produce energy from solar panels and then sell it to the company have also been disrupted.

To make it worse, local media report that pre-payment electricity plans from Johannesburg residents typically expire during the last five days of each month, so a massive blackout could be just around the corner. In an update to the incident, the company mentioned that ransomware used by hackers has prevented them from responding to service interruptions detected so far, as City Power does not have access to its internal applications. The company declined to reveal the name of the ransomware variant used in the attack.

International Institute of Cyber Security (IICS) system audit specialists have reported recent cyberattacks against services and public offices in multiple locations around the world, especially in the United States. A couple of months ago a small wave of ransomware attacks were detected against small towns in Florida, US that, while not resulting in power outages or infrastructure failures, dispend hundreds of thousands of dollars in recovery costs, so it is recommended to users staying alert against any potential cyberattack attempt.