
Lights out

From power cuts to ransomware, it has been an interesting few days in Johannesburg. - Tefo Mohapi
July 29 · Issue #48 · View online
iAfrikan Daily Brief

It has been a curious few days in Johannesburg. Late on Wednesday, 24 July 2019, the city’s power utility company, City Power Johannesburg, started experiencing some problems with its network and IT systems. Early the following morning, on Thursday, it was revealed that City Power Johannesburg had suffered a ransomware attack that resulted in all its key systems and data being encrypted.
You need to understand that it is currently winter in South Africa, and last week the country experienced some of its lowest temperatures. Before the City Power ransomware attack, Johannesburg was already experiencing power cuts in some areas, as the electricity grid was starting to feel the strain from more people leaving appliances like heaters on longer than usual.
Johannesburg Central Business District (CBD)
Given that, the ransomware attack came at a very bad time. To make matters worse, many of the city’s inhabitants who rely on prepaid electricity could not buy any electricity as systems were inaccessible, and they were left in the cold and dark for a couple of days.
Ransomware attacks, especially against relatively rich cities, are becoming common. Just earlier this year, during May 2019, Baltimore suffered a similar ransomware attack which paralysed the whole city’s IT systems. As we speak, the city is still trying to recover some of its core systems and only last week approved a budget of $10 million to help with rebuilding its data and IT systems. I mention Baltimore to deal with the first remark some people have tried to allude to (from ignorance): that this only happened because TiA (This is Africa, suggesting incompetence).
For several days until late on Monday, 29 July 2019, this is the message you would get when visiting the City Power Johannesburg website. This meant that citizens couldn't log complaints and suppliers couldn't log in and interact with the power utility as they normally would, e.g. upload invoices.
The thing with ransomware is that new strains are being developed regularly and thus, apart from keeping your security software up to date, most organizations can only be reactive. This is where things such as backups, disaster recovery plans, etc. come into play to help recover systems as quickly as possible. Judging from how long it took City Power to recover, there are question marks around this.
This becomes even more concerning as the power utility was quick to issue positive media statements of recovery yet customers were reporting the opposite.
At the time of writing this newsletter the City Power website was back up, but on close inspection it looks like it was rebuilt and not restored to where it was just before the ransomware attack. This raises questions about whether backups were encrypted too, and to what extent the power utility will be able to recover its systems if we are to use Baltimore as a reference.
More worrying from my point of view, and given that the utility’s spokesperson confirmed that the ransomware attack “came in via e-mail” suggesting that it was a phishing e-mail, is that they don’t seem to have really learned from this experience.
City Power Johannesburg was instructing customers to visit to log complaints and tickets, yet that domain was redirecting to a non-City Power domain, a bad information security practice, especially given how the ransomware attack allegedly entered their systems.
Given that City Power’s systems were down, they had to find an alternative for allowing customers to log complaints and faults. As such, they asked customers to visit This is all good and well except that customers would then be redirected to a non City Power and non-City of Johannesburg domain.
This is an especially bad security practice when you consider that the power utility suffered a ransomware attack as a result of a phishing e-mail. It also makes it easier in future for cyber criminals to hijack one of their domains and redirect customers to another website where they can do as they please. Customers would likely be none the wiser, as City Power has set a precedent.
🇨🇳 Ren Zhengfei, CEO of Huawei, says that China can and should launch its own digital currency to rival Facebook’s Libra. This of course assumes that Libra will launch as planned in 2020 given the recent pushback from US and European policymakers alike. Link
☠️ South African power utility, City Power Johannesburg, has been hit by ransomware. This resulted in its systems going offline and citizens not being able to purchase electricity. Link
⚡ City Power Johannesburg has issued a statement on their progress regarding restoration of its IT systems following a ransomware attack. It says most of its IT systems were affected by the “virus.” Link
👩‍⚕️ The recent City Power Johannesburg ransomware attack has put the spotlight on what measures must be taken by South African businesses to mitigate the risks associated with data being available and accessible on a variety of platforms. Link
🏙️ Without the proper legal rules in place, the dream of efficient smart cities in South Africa will not be realized. Link

You can read Medium Premium (paywall) articles for FREE if you visit the link using Google Chrome's Incognito mode.
