City Power, a provider of pre-paid electrical power for Johannesburg has been hit by ransomware which has left some city residents without any power.

Ransomware is a growing global problem, and while many attacks are indiscriminate or opportunistic, we've seen an increase in attacks against specific targets like schools and cities. The cyber criminals are also getting more bold with their demands, asking for higher payment - and in some cases being successful. Like when Florida City paid $600,000 in ransom, which was followed a week later by Lake City paying a ransom of nearly $500,000.

The Board of City Power convened an urgent meeting on Thursday evening following the cyber attack on our Information Technology systems and applications which disrupted operations for most of Thursday. The Board leads the recovery and restoration efforts. — @CityPowerJhb (@CityPowerJhb), July 26, 2019

It's unclear whether City Power is considering paying a ransom, or recovering systems themselves while implementing manual workarounds. Either way you look at it, the impact is huge. Which is why ransomware in particular is a case where prevention is definitely better than cure.

South Africa President Cyril Ramaphosa delivered his State of the Union address on June 20 and laid out his plans for smart cities in a digital strategy for South Africa. So,. while South Africa may not have been an attractive target for cyber criminals in the past, this kind of rapid digitalisation makes it an attractive target.

This is backed up by several reports, including Kaspersky lab, who earlier this year stated that on average, over 13,000 attempted cyber-attacks occur in South Africa every day. World Wide Worx also published findings in which more than a third of South African business leaders expected a cyber attack and the overwhelming majority were still running outdated security software.

Therefore, African should be wary of ransomware attacks and have contingency plans in place to recover. For prevention, companies should ensure technical controls are in place, such as closing off RDP access from the internet, ensuring all systems are up to date and patched.

Perhaps more importantly than that, user training is key. With the majority of ransomware attacks coming in via phishing attacks, putting users through security awareness training will teach them to spot phishing emails intent on infecting their machine and keep themselves (and the organisation) safe.

Author: Javvad Malik
Security Awareness Advocate