The Trade Union Congress (TUC) Public Utilities Workers Union (PUWU) have refuted Vice President Dr. Mahamudu Bawumia’s claim that ECG employees undermined the government’s efforts to digitize revenue collection.
During the May 9 Annual AGM of Anti-Corruption Agencies in Africa, Dr. Bawumia asserted that some ECG IT unit employees had installed ransomware in order to prevent the system from operating as intended.
He claimed that the ransomware was the reason the system crashed and that national security action was necessary to find the employees who had sabotaged the system.
On Monday, May 13, the PUWU released a statement, calling the Vice President’s assertions “inaccurate and misleading.”
The Vice-President’s claim that the incident was a planned action by ECG employees to obstruct a project that would benefit the company and Ghana further disappointed the Union.
According to the statement, EOCO started a forensic audit on the ECG Power App in September 2022 and requested access to the databases, backend prepayment system credentials, API documentation, and source code for the custom power app.
The Union implied that there were other individuals who had access to ECG’s ICT infrastructure by pointing out that EOCO hired outside IT specialists for the project.
As required by law, the Union stated that the first ransomware attack, which happened on September 28, 2022, was reported to the Cyber Security Authority.
It stated that the National Security assumed control of the ECG ICT system after the attack, which was viewed as a threat to national security.
“In the midst of the takeover, the second and most severe of the ransomware attacks occurred on the 11th November 2022, at the time the National Security personnel had both full physical access and software administrative rights to all ECG systems. The National Security arrested and detained some ECG ICT staff for days but were later released.”
However, the Union emphasized that the ECG ICT staff took the lead in the system recovery effort, working day and night to get the systems back up and even helping National Security agents use the ECG systems with help from E-crime Bureau, a cybersecurity company that the ECG Board invited.
“In all these cases, the systems were restored with the major assistance by the ECG ICT staff. It is therefore factually inaccurate that National Security came in to recover the system, as reported by His Excellency the Vice President.”