South Africa’s state-owned power company, Eskom Holdings, has become the latest victim of the crippling ransomware attacks that have roiled governments around the world.
Eskom Holdings Confirms Ransomware Attack
According to the Johannesburg city government’s official Twitter account, the division supplying electricity to the country’s economic capital has had its systems encrypted and held hostage, “impacting most of our applications and networks.”
The attack devastated City Power’s IT systems, but at least power generation and supply remain unaffected. This will be a relief to the public utility, which has been rocked by a series of blackouts over the past few months.
Regardless, the fact that a ransomware attack could ground the IT operations of the most important city in Africa’s most developed economy will not be lost on cybercriminals.
To Pay or Not To Pay
Notably, Eskom declined to reveal specifics about the hackers’ ransom demands or whether it plans to pay the ransom.
In a tweet, City Power Johannesburg stated that its engineers are “cleaning and rebuilding all impacted applications.”
The reasoning may be that since the affected areas are not core Eskom systems relevant to power generation and distribution, the company can afford to take the loss that comes with a hard reset.
Other government agencies have not been so lucky.
In May, CCN.com reported that the city of Baltimore was attacked by ransomware for the second time in the space of 12 months. The attackers demanded 13 BTC (~$130,000 at today’s bitcoin price) to decrypt the systems. City authorities refused to pay up, but the recovery cost the government nearly $20 million.
Ransomware Attacks Are Getting Worse
Researchers warn that ransomware attacks are getting worse, with the average ransom demanded doubling to nearly $13,000 from $6,700 last year.
Another study by ProPublica showed that most ransomware “recovery” firms usually just negotiated with the hackers, pay them off while charging a premium fee for recovery.
One common denominator with these ransomware attacks is that hackers demand to be paid in bitcoin or monero, because of their perceived secrecy.
Unsurprisingly, this has added more fuel to the anti-crypto regulatory stance held by some governments like India.