Ransomware Hits Johannesburg Electric Utility and the City Goes Dark

Last updated June 23, 2021
Written by:
Bill Toulas
Bill Toulas
Infosec Writer

City Power, the electric power production and distribution company that is responsible for keeping the lights on for the city of Johannesburg has suffered a catastrophic ransomware attack, as they reported themselves on Twitter. As they explained, the ransomware attack has encrypted all their databases, applications, and network, so their IT department is currently cleaning and rebuilding everything from scratch. Until the matter is sorted, customers and stakeholders are warned that they won’t be able to access the City Power website, upload invoices, make bill payments, and buy new electricity units.

This confirmation came after multiple customers reported problems, and after quite a few calls on local radio stations, so City Power had to make a public statement. Those who tried to call the power company’s helpline received a “Dear customers, please note that we are currently experiencing a problem with our prepaid vending system. We are working on this issue and hope to have it resolved by one o’clock today.” This gave an indication for when to expect the systems to be back online, and as the latest tweets show, the majority of the impacted electricity supply points have been restored by now.

Whether or not the power company paid the ransoms, and if they restored their systems through offline backups are two crucial details that have not been clarified yet. What has been specified, however, is that no customer data was compromised or leaked to the malicious actors, or at least that’s what the company stated. Finally, suppliers who still wish to submit invoices for payments were advised to physically bring them to the City Power offices in Booysen, so that the regular operations aren’t interrupted.

One thing that all cybersecurity experts agree on is that ransomware targeting energy and utility agencies is becoming a frequent problem, and the predictions for the following years are not leaving any margin for hope. Agencies that carry out a highly-critical role cannot afford to keep their clients unserved for long, so ransomware actors usually get their payment promptly. This, of course, is the very reason why the vicious cycle continuous, and the only way to break it is by implementing sound and robust security practices. The most significant step to take is to incorporate a “regular backups” system. Even if all else fails, having offline backups handy is always a great way to avoid paying ransoms.

What do you think about companies not learning their lesson even after ransomware actors having hit so many high-profile targets during the past few months? Share your opinion in the comments down below, or on our socials, on Facebook and Twitter.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: