Cyber News: Johannesburg suffer major ransomware attack

In July 2019, City Power, a major electricity supplier responsible for providing electricity to the city of Johannesburg, suffered a ransomware attack, leaving residents without electricity. 

City Power said that the company’s systems safeguarding weren’t sufficient enough to prevent the ransomware attack. The South African energy firm revealed on twitter that its IT systems were shut down, saying that “It has encrypted all our databases, applications and network.” 

Similar to the ransomware attack faced by the city of Baltimore, other services were affected. Some City Power customers reported problems with their electricity supplies through social media because the City Power website was offline. The ransomware attack affected customers’ ability to buy pre-paid electricity and also hindered the company’s attempts to respond to localised outages.

Attackers are holding City Power hostage and say they will restore access when a payment is made although  there isn’t a guarantee that they will do so.

Ransomware is a type of malware in which the data on a victim’s computer is locked, this is usually by encryption and payment is required before the data is decrypted and access is to the data returned to the victim. 

Unlike other types of cyberattacks, the victim of a ransomware attack is usually notified of the attack and then given a set of instructions on how to recover from the attack which will usually involve a payment being made in a virtual currency like Bitcoin. This is so that the cybercriminal’s identity stays anonymous.

The malware used in a ransomware attack can spread through malicious email attachments, infected and vulnerable software apps, external storage devices, and websites that have been compromised. 

The use of ransomware by cybercriminals in rapidly increasing. According to the McAfee Labs Threats Report, ransomware increased by 118% in the first three months of 2019 compared with the previous quarter.  

Businesses need to be proactive in preventing cyberattacks. To help, we have constructed 5 key tips to prevent your organisation from being a victim of a ransomware attack.  

1. Don’t open unverified links

Although it may seem obvious, clicking links in spam emails or websites you may be unfamiliar with is a popular way for ransomware malware to gain access to your system. Therefore, avoid clicking on these types of unfamiliar and unverified links. A common way your computer can become infected is through downloads that start when you click on malicious links. 

As soon as the ransomware has some data as hostage, it will demand a ransom in order for the victim to recover their data. Although paying the ransom may seem as the easiest solution, it does not guarantee that the cyber criminal will grant you access to your device or data again. 

2. Avoid untrusted email attachments 

Email attachments are another popular way that ransomware could get onto your system. It is important not to open email attachments that come from senders you may not trust. Understanding who the email is coming from and whether the attachment looks legitimate before opening it, is essential to avoid ransomware attacks.

You shouldn’t open attachments that ask you to enable macros in order to view them. Opening the attachment may run the malicious macro if the attachment is infected. This will allow the malware to gain control over the system.

3. Ensure you have security software

With the widespread growth of cyber criminals and the increasing complexity of how they commit their attacks, it is crucial to have ransomware protection software with a comprehensive internet security solution.

4. Download files only from trusted websites

The most effective way of reducing the risk of downloading ransomware is by only downloading files from websites you trust. Verify the authenticity of the websites you visit before downloading any files.

The majority of trusted websites have trust markers to verify their authenticity. Look for the lock or shield icons in your search bar and check that the website url includes “https” rather than simply “http” to ensure the website is secure.

5. Ensure your software and systems are updated regularly 

Having software that secures your organisation from ransomware is crucial, however, many organisations do not keep their software and systems updated. This causes the software and systems to become vulnerable to cyberattacks such as ransomware. 

Software or system updates ensure that you have the latest security patches which makes it difficult for cyber criminals to exploit those vulnerabilities in your organisation’s systems and software.

 

Key Takeaways

The incident faced by City Power signified the drastic impact a ransomware attack can have on the reputation and performance  of your company. With the recent spike in ransomware attacks, organisations including their employees must be proactive in protecting themselves.

 

Are you ready to find out how mature your IAM program is? Simply click the button below to take our FREE online maturity assessment.

A technology and cybersecurity analyst at Cyber Sentinel specialising in identity and access management and digital risk. Kuda's analysis and research provides insight for organisations to navigate through the current cybersecurity landscape and remain competitive.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.