ECG systems hacked with ransomware – Sources
For about five days now, some customers of the largest electricity seller in the country, Electricity Company of Ghana (ECG), have been unable to buy power and others have had their power off for days without respite, because some sections of the company’s systems have been hacked, ghanabusinessnews.com has been told by people familiar with the crisis.
According to these sources, who have asked not to be named because they say it is a sensitive matter bordering on potential national security, some sections of the ECG project site situated near the Kwame Nkrumah Circle in Accra have been infiltrated by ransomware, and the hacker or hackers have changed the source code and taken control of parts of the server.
An ethical hacker who also didn’t want to be named said ransomware is a type of virus that hackers who have access to a server would introduce and create a C2C or command and control centre.
“They then establish control of your server at their end and encrypt all your data with public and private keys and then initiate negotiations for money,” the ethical hacker said.
The ethical hacker also said that, to assure their victims that they have hacked into their servers, hackers would ask the victim to send them some of the encrypted files to decrypt as proof.
Another source says the hackers have encrypted sections of the ECG system, crippling it. “The hacker or hackers have encrypted the system and the system is now demanding that a code is entered to decrypt it,” the source said.
It is not known yet how the hacker or hackers got access to the ECG servers.
The ECG reportedly works with about 14 independent service providers, but these providers do not have access to the ECG servers remotely, unless they go on site or ECG itself creates a virtual private network (VPN) for them to be able to work off site.
While ECG officials haven’t spoken specifically on the extent of the cyber attack, the puzzle being resolved now is how the hacker or hackers gained access to the ECG servers, because according to the ethical hacker, it’s the first step to introducing the ransomware into the server.
“There are however ways to take back control, if ECG has backups. But from the way the crisis has gone on for this long I get the impression that either ECG has backups on the same server or they don’t have backups at all,” the ethical hacker said.
Another anonymous source said another way ECG can resolve the issues is to restart its system, in which case it would lose all its files and logs, and then re-register all the customers on the system.
“They however need the logs to trace the issue and to find the hackers, so that is not an option,” the source said.
Other sources have said there are ransomware experts in Ghana who will be able to resolve the issues if they can locate the payload which the hackers might have put on the ECG system and reverse engineer it, provided the payload is one of those bought and sold online, which are not as strong as custom-made ransomware.
The ECG has been designated critical infrastructure by law because of its significance to lives. Critical infrastructure around the globe has become a target for ransomware attacks in recent times.
Mr Charles Nii Ayiku Ayiku, General Manager in charge of external communications at the ECG, told Ghana Business News that he doesn’t have any information of hacking or an attack on the systems, but said they have technical challenges, adding that the ECG has stabilised its district offices and they are able to sell power to consumers. The systems for third-party vendors, however, he says are still unstable.
He also stated that the ECG has extended its working hours to ensure that all customers who have been affected by the situation can buy power.
Meanwhile, National Security and Cybersecurity officials have been working with the company to find a resolution to the crisis.
By Emmanuel K. Dogbevi
Copyright ©2022 by NewsBridge Africa