everest attacks South Africa Electricity company

Incident Date:

March 18, 2022

World map



everest attacks South Africa Electricity company


South Africa Electricity company




Reuven, South Africa

Johannesburg, South Africa

First Reported

March 18, 2022

City Power Ransomware Attack

City Power, a South African electricity company, has been targeted by the ransomware group Everest. The attack was announced on the group's dark web leak site. City Power operates in the Energy, Utilities & Waste sector and is known for its commitment to providing reliable electricity services to its customers.

City Power is a significant player in the South African energy market, serving a large customer base. The company's size and industry position make it an attractive target for threat actors seeking to exploit vulnerabilities in critical infrastructure.

The ransomware attack on City Power is part of a broader trend of cyberattacks targeting the energy sector. In recent years, water and wastewater treatment facilities have been particularly vulnerable to ransomware attacks, with major providers in the United States and United Kingdom reporting network breaches and data leaks.

The specific vulnerabilities that led to City Power's attack are not publicly disclosed. However, ransomware groups often exploit known vulnerabilities in software or hardware, or they use social engineering tactics to gain access to systems. In the case of Everest, the group has been known to use a variety of attack methods, including callback phishing and exploiting software vulnerabilities.

City Power has not released a statement regarding the attack or its response. It is unclear whether the company has paid the ransom demanded by Everest or if it has successfully mitigated the damage caused by the attack.

The ransomware attack on City Power underscores the need for robust cybersecurity measures in the energy sector. As critical infrastructure providers, energy companies must prioritize cybersecurity to protect their systems and customers from potential disruptions and data breaches.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.