A major cybersecurity breach has hit Ikeja Electric, Nigeria’s largest power distribution firm, following a sophisticated ransomware attack that has reportedly compromised critical systems and sensitive data.
The attack, linked to a threat group identified as ByteToBreach, is believed to have infiltrated the company’s corporate network, disrupting key operations, including customer billing and energy metering systems.
Preliminary investigations indicate that the ransomware spread across more than 50 systems by exploiting vulnerabilities within the company’s virtual infrastructure, particularly its ESXi hosts and vCenter clusters. Analysts say the scale of the intrusion suggests a well-coordinated and highly advanced operation.
Reports also reveal that significant volumes of sensitive data may have been extracted during the breach. This includes customer records, employee details, internal databases, and even proprietary application source codes.
Cybersecurity experts have raised concerns over a possible full compromise of the company’s identity management systems. Attackers are believed to have accessed the organisation’s Active Directory, mapping its structure and obtaining employee login credentials, potentially granting them extensive internal control.
Disruption to Billing and Metering Systems
The breach has reportedly affected core energy management systems, with claims that metering platforms from multiple providers—including Siemens and other manufacturers—were disabled.
This development could significantly disrupt electricity billing processes, raising fears of inaccurate charges or a temporary shift to estimated billing for customers.
There are also indications that high-level administrative access was compromised, including critical service accounts and possibly executive-level credentials.
Backup Systems Also Affected
Efforts to contain and recover from the attack may be complicated by indications that backup systems were also targeted. Platforms used for data recovery appear to have been infiltrated, which could delay restoration and prolong operational disruptions.
Experts Call for Urgent Action
In response, cybersecurity specialists are recommending immediate containment measures, including isolating affected network environments to prevent further spread of the ransomware.
They also advise a full reset of corporate credentials and a comprehensive security audit to restore system integrity.
As of the time of reporting, Ikeja Electric has not issued an official statement on the incident. Customers and stakeholders have been urged to remain alert as investigations continue.
