South Africans shivering in the dark after file-scrambling nasty hits Johannesburg power biz

The city of Johannesburg in South Africa is battling to get electricity to some customers left in the dark by a ransomware infection. Utility company City Power today confirmed news reports that file-scrambling malware had invaded and knackered its systems. That infection basically prevents pre-paid customers from refilling …

  1. whitepines
    Facepalm

    Why, oh why is Windows (or indeed any consumer stuff from Intel or AMD) still being used for critical systems where lives are on the line (heat and cold are among the largest natural killers in the developed world, and stable access to electricity is required to mitigate them)? When will governments learn they shouldn't be relying on an unstable, beta-quality product for such key systems?

    I'm more surprised we haven't seen power outages due to a bad Windows 10 update being deployed by Microsoft. Maybe that's next...

    1. Sandtitz Silver badge

      "Why, oh why is Windows (or indeed any consumer stuff from Intel or AMD)"

      Where in the article did you read about Windows, Intel or AMD?

      1. whitepines
        Holmes

        Elementary, dear Watson. The lack of anything calling this out as a Linux or Mac malware strain (which would be notable indeed) means it's probably run of the mill Windows. Which only runs on Intel/AMD (hence "Wintel"), and the rest can be deduced directly.

      2. Anonymous Coward
        Anonymous Coward

        I'm not aware of any ransomware that targets Linux servers.

        Nor is it likely in South Africa that they have the skill in this sector to deploy anything other than Windows.

        My guess is the systems are probably old Windows XP / Server 2003 based boxes.

        1. grumpy-old-person

          Just in SA?

          Like everywhere else Windows is often deployed (even when the alternative is probably better).

          I am distrustful of most "digital security" as it is usually an afterthought (bolted on after the disaster) or badly thought through in the first place - and I have experience where the resistance to good security is fueled by "convenience".

          All it takes is ONE slip to let the bad boys in!

          Sad to say that SA has had good computer people for many, many decades but the "brain drain" is fast depleting the pool.

    2. GFK1

      To be fair, looks like the power outage is due to billing systems being affected, not actual critical systems. Not in the least unusual for those to be Windows. Less excuse not to patch either though.

      Bit of a moot point to those sitting in the dark freezing to death, mind you.

      1. the future is back!

        Freezing burning

        I disembarked from a Rhine River cruise two days ago. We enjoyed? a day of 104°F heat. Talking to another passenger over a cold bier, he said he’d just gotten email from “home” SA as it turns out and how it was “freezing back home.”

    3. phuzz Silver badge

      The OS doesn't make much difference (and the CPU makes even less). This wasn't some elite hacker using some kind of 0day, it was blatantly a user clicking on an attachment, not realising it was malware.

      You could have the most secure system in the world, but if you allow a user to choose to run arbitrary binaries, then ransomware will be possible. You don't need to use an obscure CPU bug like meltdown/spectre to access a user's files because (obviously) a user will always have access to their own files.

      Sure, a good sysadmin will prevent their users from running random executables, and they should also have a working fucking backup system. But absent a good sysadmin, any OS/CPU in the world won't stop a ransomware attack.

      1. Palpy

        OS makes no difference --

        -- unless, of course, the phishing attack loads binaries that can't run on that OS (Haiku OS). Or, for that matter, if the OS uses VMs set up to make system-wide attacks very difficult (Qubes OS). But obviously businesses must run commonly-compatible business software, so getting wild and crazy with your choice of OS is not the first option.

        Yet.

        In five years, ten years, perhaps anything web-facing will be so rife with threats that it will make IT departments resort to running Qubes (or something like it) as a framework, with users relegated to tightly controlled VMs -- whether the user wants to run Windows, Linux, BSD, or whatever. Perhaps.

      2. Anonymous Coward
        Anonymous Coward

        Eeeeh....99% right.

        I've done a lot of ransomware cleanups (I changed my name by deed poll to Mr Plan B, because I found myself helping a few businesses out when their sysadmins failed).

        There was a ransomware strain that came through a remote desktop vulnerability and another that used an SMB vulnerability. I've also seen malware come through MSSQL too.

        It's usually users, but not always. Sometimes it's wanky sysadmins. By wanky I mean unassertive...you don't highlight an issue, get refused money to fix it, then leave it because "muh budget". You lock it down to fuck until the CEO has the problem land on his desk.

        When the CEO starts losing time, budgets magically appear.

        My favourite is scheduling a meeting to discuss backups and suggest a test and highlight the amount of downtime required (even if there is none, tell them half a day "just a precaution").

        Nobody cares if you're wasting huge amounts of time backing things up, but everyone cares when you're wasting their time testing it.

        Remember kids, it's rare to be fired for doing your job right and being an inconvenient arsehole isn't an exclusive privilege reserved for CEOs. As IT guys we can throw as much weight around as they can.

        If you need more tips on handling your boss, read some Dilbert.

  2. sanmigueelbeer
    FAIL

    Tsk, tsk, tsk ... They just don't learn, do they?

    These are not medical equipment we're talking about. I don't believe the excuse of "we can't patch these" is going to fly this time around.

  3. Anonymous Coward
    Anonymous Coward

    This looks like the prepaid credit vending systems being down. Not quite as critical as the grid itself, as people can continue to use electricity until their pre-paid credit runs out.

    I was involved in developing prepayment systems in SA, but I don't think CityPower was a customer of ours.

    At the time (early 2000s) vending terminals were Windows based (like most POS systems). I don't know whether this was by customer demand, or due to the absence of a high-productivity GUI development environment for Linux. Also, affordable database options were thin on the ground (MySQL was then very immature).

    But I know that since then most STS prepayment vending has moved to online systems, i.e. centralised servers interacting with lightweight front-ends. No need for full-fat Windows applications, and anyone who runs a serious on-line system under Windows should be shot.

    Given the amount of corruption in tender processes in SA, this has got me wondering which of the prepayment companies supplied the system and just how dodgy they are.

    1. diodesign (Written by Reg staff) Silver badge

      "the prepaid credit vending systems being down"

      Ah, yes. We'll make that clearer in the opening sentences.

      C.

    2. Anonymous South African Coward Silver badge

      Given the amount of corruption in tender processes in SA, this has got me wondering which of the prepayment companies supplied the system and just how dodgy they are.

      You guys have NO idea. Excellent opportunity for enrichment.

      We also have no idea how deep the rabbit hole goes.

  4. Anonymous Coward
    Anonymous Coward

    Did they pay?

    I hope not, but I suspect they did. That just encourages more ransomware attacks. If everyone quit paying it will no longer be profitable and the ransomware attacks would end.

    1. Claverhouse

      See Katrina, or Flint Michigan

      And if every blackmail victim simply said: 'Publish and be damned' a la Milor Wellington, and instantly suffered the embarrassing material to be let loose to their family and the public, blackmail might stop.

      Not gonna happen though.

      .

      On another note I know little of South African politics, but if the governors are anything like Blair/Cameronians, or Bushobamaites, they'll be falling all over themselves to help the poorer sort of people on Pay-As-You-Go.

      1. Andre 3

        Re: See Katrina, or Flint Michigan

        On another note I know little of South African politics, but if the governors are anything like Blair/Cameronians, or Bushobamaites, they'll be falling all over themselves to line their pockets

        FTFY.

        1. Anonymous South African Coward Silver badge

          Re: See Katrina, or Flint Michigan

          On another note I know little of South African politics, but if the governors are anything like Blair/Cameronians, or Bushobamaites, they'll be falling all over themselves to line their pockets

          BINGO. Nasty pocketses comes first, service follows after.

  5. sanmigueelbeer
    FAIL

    Meanwhile, over at Louisiana ...

    More recently, at least one person in the IT department of Lake City, Florida was out of a job after officials caved in and paid the Bitcoin demand from ransomware operators in that city.

    Don't forget Louisiana.

  6. Tigra 07

    "therefore leaves them without electricity if their account balance falls too low."

    This bit sounds like a feature. Is this definitely an infection, or a bad update from the power company?

  7. Anonymous Coward
    Anonymous Coward

    Emotet/Trickbot/RYUK

    A large scale outbreak of this group of malware is starting to cause widescale grief.

    If folk segregated their networks and used heuristic-based AV, 2FA and mail scanning technologies they would defeat this.

    Those that are behind in cyber security defences are getting stuffed with them.

  8. Anonymous South African Coward Silver badge

    What about ransomware scum targeting the tax collector successfully, and destroying a ton of data in the process? Will they still be scum, or will they be heroes?

    1. IGotOut Silver badge

      They will be heroes, until public services shut down and people realise what taxes actually pay for.

  9. Anonymous South African Coward Silver badge

    Apparently most of the systems have been restored successfully.

    To me it seems as if some brainiac had RDP open to the WWW and BlueKeep decided to drop in and say "Hello".
