everest attacks South Africa Electricity company
Incident Date:
March 18, 2022
Overview
Title
everest attacks South Africa Electricity company
Victim
South Africa Electricity company
Attacker
Everest
Location
First Reported
March 18, 2022
City Power Ransomware Attack
City Power, a South African electricity company, has been targeted by the ransomware group Everest. The attack was announced on the group's dark web leak site. City Power operates in the Energy, Utilities & Waste sector and is known for its commitment to providing reliable electricity services to its customers.
City Power is a significant player in the South African energy market, serving a large customer base. The company's size and industry position make it an attractive target for threat actors seeking to exploit vulnerabilities in critical infrastructure.
The ransomware attack on City Power is part of a broader trend of cyberattacks targeting the energy sector. In recent years, water and wastewater treatment facilities have been particularly vulnerable to ransomware attacks, with major providers in the United States and United Kingdom reporting network breaches and data leaks.
The specific vulnerabilities that led to City Power's attack are not publicly disclosed. However, ransomware groups often exploit known vulnerabilities in software or hardware, or they use social engineering tactics to gain access to systems. In the case of Everest, the group has been known to use a variety of attack methods, including callback phishing and exploiting software vulnerabilities.
City Power has not released a statement regarding the attack or its response. It is unclear whether the company has paid the ransom demanded by Everest or if it has successfully mitigated the damage caused by the attack.
The ransomware attack on City Power underscores the need for robust cybersecurity measures in the energy sector. As critical infrastructure providers, energy companies must prioritize cybersecurity to protect their systems and customers from potential disruptions and data breaches.
Sources
- City Power Website: https://www.citypower.co.za/
- BlackFog Report on Ransomware Attacks: https://www.blackfog.com/what-we-know-about-the-moveit-exploit/
- CTV News Article on Cybersecurity Briefing: https://www.ctvnews.ca/sci-tech/feds-aimed-secret-cybersecurity-briefing-at-energy-sector-executives-memo-1.6660602
- The Record Article on Paris Wastewater Agency Attack: https://www.therecord.media/paris-wastewater-agency-hit-cyberattack
- BankInfoSecurity Article on Ransomware Attacks on Water Providers: https://www.bankinfosecurity.com/ransomware-on-tap-as-major-water-providers-fall-victim-a-24174
- Trend Micro Report on Royal Ransomware: https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-royal
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.