Electric Utility in Johannesburg Suffers Ransomware Attack

Delaware, USA – July 26, 2019 – Yet another ransomware attack targeting urban infrastructure happened in South Africa, threatening to cut off electricity to many Johannesburg residents. Systems of the utility company City Power were encrypted by unknown threat actors, making it impossible for prepaid users to buy electricity. The adversaries chose the perfect moment to attack: on the one hand, the weather in Johannesburg is cold and the city's residents have high electricity consumption; on the other hand, most users buy electricity at the end of the month. The attack also affects owners of solar panels, who lost the opportunity to sell surplus electricity. The company is owned by the City of Johannesburg, but the rest of the city’s systems were not affected, and the authorities also claim that users’ personal data was not compromised. At the moment, City Power continues to restore systems after the incident, and its website is still not working.

Cybercriminals also do not forget to attack several easy targets in the United States. This week, the governor of Louisiana declared a state of emergency because of cyberattacks on school districts, in which school systems in Sabine, Morehouse, and Ouachita were locked by ransomware. The emergency declaration enables experts from various state agencies to engage in data recovery and in enhancing the security of schools to resist future cyberattacks. Earlier this month, adversaries encrypted systems at New York City’s Monroe College, demanding 170 bitcoins for data recovery. It is not known which groups are behind all these attacks, but in recent months most of the attacks on urban infrastructure have been carried out by the Ryuk and MegaCortex cybergangs.

Content available on Threat Detection Marketplace:
MegaCortex Malware Detector (Sysmon Behavior) – https://tdm.socprime.com/tdm/info/2266/
Ryuk Ransomware Detector (Sysmon Behavior) – https://tdm.socprime.com/tdm/info/2298/
Emotet Trojan detector (Sysmon) – https://tdm.socprime.com/tdm/info/1279/
Qakbot New Obfuscation Techniques – https://tdm.socprime.com/tdm/info/2232/