Johannesburg Power Company Crippled by Devastating Ransomware

July 25, 2019 1:26 PM UTC

South Africa’s state-owned power company, Eskom Holdings, has become the latest victim of the crippling ransomware attacks that have roiled governments around the world.

Eskom Holdings Confirms Ransomware Attack

According to the Johannesburg city government’s official Twitter account, the division supplying electricity to the country’s economic capital has had its systems encrypted and held hostage, “impacting most of our applications and networks.”

The attack devastated City Power’s IT systems, but at least power generation and supply remain unaffected. This will be a relief to the public utility, which has been rocked by a series of blackouts over the past few months.

Regardless, the fact that a ransomware attack could ground the IT operations of the most important city in Africa’s most developed economy will not be lost on cybercriminals.

To Pay or Not To Pay

Notably, Eskom declined to reveal specifics about the hackers’ ransom demands or whether it plans to pay the ransom.

In a tweet, City Power Johannesburg stated that its engineers are “cleaning and rebuilding all impacted applications.”

The reasoning may be that since the affected areas are not core Eskom systems relevant to power generation and distribution, the company can afford to take the loss that comes with a hard reset.

Other government agencies have not been so lucky.

In May, reported that the city of Baltimore was attacked by ransomware for the second time in the space of 12 months. The attackers demanded 13 BTC (~$130,000 at today’s bitcoin price) to decrypt the systems. City authorities refused to pay up, but the recovery cost the government nearly $20 million.

Ransomware Attacks Are Getting Worse

Researchers warn that ransomware attacks are getting worse, with the average ransom demanded doubling to nearly $13,000 from $6,700 last year.

Another study by ProPublica showed that most ransomware “recovery” firms usually just negotiated with the hackers, pay them off while charging a premium fee for recovery.

One common denominator with these ransomware attacks is that hackers demand to be paid in bitcoin or monero, because of their perceived secrecy.

Unsurprisingly, this has added more fuel to the anti-crypto regulatory stance held by some governments like India.

Last modified: July 2, 2020 8:29 PM UTC


I am a busy Nigerian writer, journalist and writer with an interest in tech and finance. When I'm not contributing to CCN and traveling around Africa, you can catch me contributing to CNN Africa, or in the writers room at 'The Other News', Nigeria's weekly answer to 'The Daily Show' with nearly 2 million viewers. My work on 'The Other News' was featured in the New Yorker Magazine, and that was then cited in the Washington Post so I'm not sure that counts as a feature but I'll definitely mention it too! I have been nominated by the US State Department to take part in the 2019 Edward R. Murrow Program for journalists under the International Visitors Leadership Program. I also like hamsters. You can reach me on Twitter at _David_Hundeyin