Times Select 29 July 2019
When it comes to the web, the words safe and secure do not exist, experts said in reaction to the recent ransomware attack on Joburg City Power.
Several of City Power’s IT applications and networks were affected by a cyberattack on Thursday that prevented customers from buying prepaid electricity or accessing the website to log faults and invoices. By Friday morning, the server, which supplies large power users, including mines, factories, shopping malls and hospitals, was restored.
This latest attack caused blackouts across Joburg as cybercriminals took control of the city’s power servers, preventing residents from purchasing electricity.
City Power successfully restored its encrypted servers within hours of the security breach being identified.
Prof Basie von Solms, director of the Centre for Cyber Security at the University of Johannesburg (UJ), says it is “naïve” to think you are safe from cyberattacks, as “this is one of the most lucrative ways of committing crime. They almost always succeed in coercing their victims to comply as the risk is always higher.
“It happens all the time, all over the world. Their modus operandi always gets more sophisticated. They have many methods, and they decide according to the profile of the target. Ransomware is their most used tool.”
Von Solms said in this case, “we may never know what the city did to get back their power. Information is power; in this case, they can’t afford to have residents’ personal information in the wrong hands. Something must give.”
He said no one was ever safe from cyberattacks. “People must just have systems at hand to minimise the risk.”
John McLoughlin, J2 Software CEO, said cities seem to be a preferred target for ransomware nowadays.
“They are often paying criminals millions to recover encrypted critical data in order to quickly restore their services.
“Hackers are working to gain secure data all the time, it doesn’t matter what industry. Cybersecurity is a money-making business and will continue to grow,” McLoughlin said.
He said it was highly recommended that one never pays the ransom “because even if one does, there is no guarantee that you will get your information back”.
“With ransomware, the first thing hackers aim to do is to delete backups if they are not segmented from the network.
“Remember, every single recovery method will already be anticipated by the hackers. Businesses need to assess the kind of attacks that are most probable to hit their networks,” he added.
Data recovery was normally easy when done correctly, but recovering an entire system would take some time, he said.
“There are third-party companies that can provide backup solutions through the cloud.”
City Power spokesperson Isaac Mangena said the virus that attacked City Power was disguised, making it difficult for the monitoring systems to pick it up and block it.
“We have so far managed to identify the type of ransomware virus used. We have taken the samples to the external labs for analysis and testing.
“This is as part of an investigation. We have also recovered and, in a few instances, reconstructed most of the systems, applications and data that was threatened.
“E-mail system was the most affected, and it’s taking a while to recover and restore. We are beefing up our cyber-monitoring and defence systems to ensure we avoid such in future,” Mangena said.
The lab results will also help in ensuring “we learn and be ready for similar or even worse attempts in future”.
What is ransomware?
Ransomware is malicious code that hackers embed in companies’ or individuals’ computer networks, infecting those systems. The code essentially locks the system, and only the hacker can unlock it, which they will only do once a ransom is paid.