Your Claims ECG Staff Sabotaged Paperless System Unfounded and Damaging – PUWU Slams Bawumia

“In the midst of the takeover, the second and most severe of the ransomware attacks occurred on the 11th November 2022, at the time the National Security personnel had both full physical access and software administrative rights to all ECG systems. The National Security arrested and detained some ECG ICT staff for days but were later released.”

The Public Utilities Workers Union (PUWU) of the Trade Union Congress (TUC) has challenged Vice President Dr Mahamudu Bawumia’s claims that officials of the Electricity Company of Ghana (ECG) deliberately sabotaged the government’s digital revenue collection efforts.

Dr Bawumia, speaking at the Annual AGM of Anti-corruption Agencies in Africa on May 9, alleged that certain IT unit staff at ECG introduced ransomware to disrupt the paperless system’s operations, necessitating national security intervention.

However, in a statement issued on Monday, May 13, 2024, PUWU refuted the Vice President’s assertions as “inaccurate and misleading.”

The statement signed by the General Secretary of PUWU, Michael Adumatta Nyantakyi expressed disappointment over Dr. Bawumia’s implication that the incident was a deliberate act by ECG staff to obstruct a project beneficial to the company and Ghana.

“The accusations of sabotage and resistance to digitalization are not only unfounded but also damaging to the morale and reputation of our hardworking members. The ECG ICT department has been at the forefront of digitalizing revenue collection for decades, a fact that seems to have been overlooked. The sophisticated ransomware attack attributed to internal sabotage has been proven to be the work of an international cybercriminal group (Lockbit), which further exonerates our members from such erroneous claims,” the statement read.

PUWU highlighted that in September 2022, the Economic and Organised Crime Office (EOCO) initiated a forensic audit on the ECG Power App, involving third-party IT professionals. This implied that ECG IT staff were not the sole individuals with access to the company’s ICT infrastructure.

Regarding the ransomware attacks, PUWU clarified that the first incident occurred on September 28, 2022, and was promptly reported to the Cyber Security Authority. Subsequently, National Security took control of the ECG ICT system after deeming the attack a national security threat.

The Union stressed that during the period of National Security’s oversight, a more severe ransomware attack transpired on November 11, 2022.

“In the midst of the takeover, the second and most severe of the ransomware attacks occurred on the 11th November 2022, at the time the National Security personnel had both full physical access and software administrative rights to all ECG systems. The National Security arrested and detained some ECG ICT staff for days but were later released.”

PUWU highlighted the crucial role played by ECG ICT staff in system recovery efforts, with assistance from the E-crime Bureau, a cybersecurity firm invited by the ECG Board.“In all these cases, the systems were restored with the major assistance by the ECG ICT staff. It is therefore factually inaccurate that National Security came in to recover the system, as reported by His Excellency the Vice President.”

AGManti-corruptionclaimscybercriminalDamagingDr. Mahamudu BawumiaECG StaffEOCOPaperlessPUWUSabotagedslamssystemunfoundedVice-President