Lessons to be learnt from City Power’s crippling ransomware attack

The ransomware attack that has crippled City Power’s IT systems, leaving prepaid electricity users unable to top up, holds valuable lessons for companies about disaster management and backup, a Swiss-based software specialist has said.

Kate Mollett, regional manager for Africa at Veeam Software, which develops backup, disaster recovery and cloud-based solutions, said on Thursday that ransomware incidents, data breaches and attacks have become a daily threat.

“The reality is that these attacks can happen against any business, in any industry, at any geographic location. From small start-ups all the way through to large multinationals, no company can consider itself safe — no one is ever 100% secure,” Mollett said.

City Power, which provides electricity to the City of Johannesburg, said earlier on Thursday that it was hit by a ransomware virus that had crippled its systems.

The company said in a series of tweets that the virus had “encrypted our databases, applications and network”.

It said its IT department is “cleaning and rebuilding all impacted applications”.

“Customers may not be able to visit our website and may not be able to buy electricity units until our ICT department has sorted the matter out,” it said.

‘3-2-1 rule’

Mollett said businesses should follow what she calls the “3-2-1 rule” to try to avoid such crises.

“This rule states that organisations must have at least three copies of their data, store the copies on two different types of media, and keep one backup copy offsite. By following this approach, organisations will always have an available and usable backup of their data and systems,” she said.

“Taking preventative action is always better than being caught on the back foot and scrambling to recover.”

Employees should be educated on best practices and have the right system updates to protect against breaches. “Offsite and offline backups not only mitigate the effects of ransomware, but when combined with the right security suite and employee awareness training can help prevent the problem altogether.

“Downtime is not just an IT problem — it’s the entire leadership team’s problem.” — (c) 2019 NewsCentral Media