Your online security is very important as a scourge of ransomware spreads around the Internet. What it can do is pretty scary, but the good news is that, for the most part, it has never really threatened people’s lives, only their livelihoods. That was until this past July in Johannesburg, South Africa.

Ransomware In The Dead Of Winter

First, remember that Johannesburg is in the Southern Hemisphere and their July is our January. Now of course no one is going to mistake South Africa for Canada, much less Pennsylvania, but it can get cold there. On July 25, when the ransomware attack hit, the high in Johannesburg, South Africa’s largest city, was 68 degrees Fahrenheit, with a low of 36. That is more like mid-October here, but that is the time that many people start turning their heating on.

City Power Leaving Residents Out Of Power

City Power was hit with a ransomware attack that encrypted their databases, applications and their network. It did not knock the city’s struggling power grid offline, but it did affect residents’ ability to report power outages and to buy prepaid electricity. This left around 250,000 people without power, since July 25 was a payday for many residents and City Power offers a prepaid plan to purchase electricity in advance. With a population of 5.6 million people, that is a substantial number of people out of power. City Power is owned by the City of Johannesburg.

Considering that the record low in Johannesburg is 23 degrees and the average low is 39 degrees, it is probably safe to say that the residents are not used to extreme cold. July, though, is typically one of the driest months, so at least there would be no snow in the forecast. The largest American city with similar average temperatures at this time of year is Sacramento, California.

Maybe Business As Usual

Perhaps, though, residents are used to it. Power grids in much of sub-Saharan Africa are unreliable at best and blackouts are common, according to a 2015 New York Times article. Aging infrastructure, some dating back to before the end of Apartheid, and poor management have hit South Africa hard, even leading to Nigeria overtaking South Africa as the largest economy on the African continent. Since the end of Apartheid, electricity has reached 85% of the population, but a lack of new capacity has hampered the country, with rolling blackouts being common since 2008.

City leaders call these rolling blackouts load shedding. Most residents want them to just call them blackouts, and the outages are starting to lead many to lose faith in their government’s ability to provide basic services. These rolling blackouts affect both poor and affluent neighborhoods in the city.

City Power acknowledged on Twitter that it had been hit. Johannesburg is not the first city to be hit: several major American cities, most notably Baltimore, have been hit in the same manner in what is becoming a lucrative criminal enterprise, but none in the dead of winter (though one such attack did hit Kiev, Ukraine in December 2016).

Not Paying The Ransom

It does not appear that the attack was able to breach the network and expose customer information to the attackers. Rather than paying the ransom, the city worked to restore its systems, and that appeared to have worked.

That was until October 25 when the city government itself was hit by a ransomware attack. This forced the city to shut down its website, its e-services platform and its billing system. All emergency calls were diverted to provincial call centers outside of the city. In this case customer information was breached.

Hit Worse The Second Time

The attackers demanded a ransom of 4 bitcoins (about $30,000) and told city leaders that they had until October 28 to pay the ransom. They also told them that they had dozens of back doors into the system. City leaders refused to pay the ransom and restored their systems. 

Keep Your Systems Up To Date

Now obviously your business is not of the same scope or size as either City Power or the City of Johannesburg, but there are some important lessons to be learned. While it is unknown if the two attacks are linked to each other, there is a good chance that they are, either because the first was a trial run to test the city’s security or because the attack on City Power was more extensive than originally admitted.

One of the main reasons these attacks are so successful is that victims use outdated software or fail to keep their computer systems up to date. In this case the attackers asked for a small ransom in the hopes of securing that payment. Recovering from these attacks is both difficult and expensive. Not only will systems need to be restored (costing you any sales or payments made during the downtime), but new equipment will need to be purchased and someone will need to do the work, which costs money as well. It took Johannesburg IT workers more than 4 days to get the systems back up and running. The total bill in the Baltimore ransomware attack exceeded $18 million.

A Test Run Or Creating A More Lucrative Opportunity

Johannesburg was lucky the first time that their main IT network went unbreached, but perhaps it was just left to be exploited later. Could the attack on City Power have been the way in to a more lucrative target?

How can you avoid this? Keep your computer systems up to date. This is the easiest way to avoid something like this. By closing any vulnerability with a patch, you can keep your system much more secure. The last thing that you want to have happen at this time of year is to deal with something like this. And if you do get hit, learn your lesson and make sure it doesn’t happen again.
