Is there no plan B, ask City Power clients after ransomware virus strikes utility

25 July 2019 - 12:31
By IAVAN PIJOOS
Johannesburg's City Power was hit by a ransomware attack.
Image: 123RF/Jan Mikš

City Power customers were left fuming after the company was hit by a ransomware virus that encrypted its computer databases, applications and network - affecting those wanting to buy electricity.

Lucky Pule told TimesLIVE that he started phoning City Power at around 6.30pm on Wednesday to ask what the problem was after trying unsuccessfully to buy electricity.

He said it was "very frustrating" being told to "follow normal procedure and log a fault".

"They do not take pre-paid users seriously and clearly they do not mind the loss in income. I can do with a day or two without electricity but can they do without my business?

"They do not respond to any of our queries nor give us plan Bs. There should always be another way of loading if they are hit with a virus," Pule said.


What is ransomware?

Generally speaking, it is a type of malicious software designed to block access to a computer until a sum of money (ransom) is paid. It effectively holds the data “hostage” until individuals, or organisations, pay.

Hein Alberts from Cyanre, the digital forensic lab, said he was not aware of the strain of ransomware encountered by City Power but, generally speaking, it could infect computers in various ways.

These could include, for example, an email sent with an attachment, a malicious link sent to a user, a visit to a website that had malicious adverts, or infected applications that were downloaded on to a machine.

Most ransomware is capable of spreading on a computer network. It then encrypts the data stored on the hard drive – effectively holding it hostage.

Depending on the strength of the encryption used, some data can be recovered, but in cases where strong encryption is used it may not be recoverable.

Organisations that have a back-up of the “stolen” data may be able to restore the affected information without paying a ransom.  

What to do if infected?

Alberts suggested removing the infected machine from the network to limit the risk of further spread and contacting an incident response team or IT security team to assist.

Generally speaking, a ransom should not be paid unless there was no alternative, as there was no guarantee an attacker would actually hand over the decryption keys.

Contact the relevant authorities, he said.