Cyber Incident Victim: Electricity Company of Ghana
Date: Sep 2022
Location: Ghana
Summary
A ransomware attack compromised systems at Ghana's primary electricity provider, disrupting services for customers who were unable to purchase power or experienced prolonged outages. Hackers infiltrated sections of the company's infrastructure, altering source code and seizing control of portions of the server. Sources described the incident as a potential national security concern, though operational specifics regarding the attack's resolution or ransom demands were not disclosed. The breach impacted critical operational functions, hindering customer transactions and service reliability.
Description
In late September 2022, the Electricity Company of Ghana (ECG), the country's largest electricity distributor, experienced a significant ransomware attack that disrupted core operations for approximately five days. The incident began around September 27, 2022, when unauthorized actors infiltrated sections of ECG's systems located near Kwame Nkrumah Circle in Accra. This cyber intrusion prevented numerous customers from purchasing electricity credits through the company's payment platforms, while other customers suffered extended power outages lasting multiple days without restoration. The operational paralysis persisted throughout the attack duration, creating widespread service interruptions across ECG's customer base. No technical details about outage distribution patterns or affected regions were specified in available reports.

The attackers deployed ransomware to compromise ECG's infrastructure, specifically altering source code and seizing control over portions of the organization's servers. This manipulation of critical systems prevented normal administrative and transactional functions. Sources familiar with the incident described the breach as involving infiltration of project site systems but did not identify specific applications or hardware affected beyond general server compromises. Internal stakeholders characterized the situation as a sensitive matter with potential national security implications due to ECG's essential role in national infrastructure. No ransom demands, payment status, or data theft claims were disclosed in initial reports. The company had not released public statements confirming restoration timelines or incident response measures at the time of reporting.
