South Africa’s state-owned power company, Eskom Holdings, has become the latest victim of the crippling ransomware attacks that have roiled governments around the world.
Eskom Holdings Confirms Ransomware Attack
According to the Johannesburg city government’s official Twitter account, the division supplying electricity to the country’s economic capital has had its systems encrypted and held hostage, “impacting most of our applications and networks.”
#JoburgUpdates
JUST IN: City Power has been hit by a virus which has led to a blackout to its IT systems. We apologise to our City of Joburg customers. The virus has attacked the City Power database and other software, impacting most of our applications and networks ^GZ pic.twitter.com/BHj7dvYO1A
— City of Joburg (@CityofJoburgZA) July 25, 2019
The attack devastated City Power’s IT systems, but at least power generation and supply remain unaffected. This will be a relief to the public utility, which has been rocked by a series of blackouts over the past few months.
Regardless, the fact that a ransomware attack could ground the IT operations of the most important city in Africa’s most developed economy will not be lost on cybercriminals.
To Pay or Not To Pay
Notably, Eskom declined to reveal specifics about the hackers’ ransom demands or whether it plans to pay the ransom.
In a tweet, City Power Johannesburg stated that its engineers are “cleaning and rebuilding all impacted applications.”
#Update City Power has been hit by a Ransomware virus. It has encrypted all our databases, applications and network. Currently our ICT department is cleaning and rebuilding all impacted applications. ^GR
— @CityPowerJhb (@CityPowerJhb) July 25, 2019
The reasoning may be that since the affected areas are not core Eskom systems relevant to power generation and distribution, the company can afford to take the loss that comes with a hard reset.
Other government agencies have not been so lucky.
In May, CCN reported that the city of Baltimore was attacked by ransomware for the second time in the space of 12 months. The attackers demanded 13 BTC (~$130,000 at today’s bitcoin price) to decrypt the systems. City authorities refused to pay up, but the recovery cost the government nearly $20 million.
Ransomware Attacks Are Getting Worse
Researchers warn that ransomware attacks are getting worse, with the average ransom demanded doubling to nearly $13,000 from $6,700 last year.
Another study by ProPublica showed that most ransomware “recovery” firms usually just negotiate with the hackers and pay them off, while charging a premium fee for recovery.
Enterprises have accounted for 4 in 5 #ransomware attacks since the start of 2018, rising 12% year on year. The research identified at least five different ransomware families such as #Ryuk & #SamSam that are threatening #businesscontinuity https://t.co/AXIJrk3kS1 @ITProPortal
— Stephen Thomas (@stephen__thomas) July 25, 2019
One common denominator with these ransomware attacks is that hackers demand to be paid in bitcoin or monero, because of these currencies' perceived secrecy.
Unsurprisingly, this has added more fuel to the anti-crypto regulatory stance held by some governments, such as India's.