The Public Utilities Workers Union (PUWU) says they are fully aware of several attempts by key stakeholders to push for the privatisation of the Electricity Company of Ghana (ECG) and the deliberate attempts to give it a bad name and hang it.

In a statement issued on Monday, May 13, the General Secretary of the Union, Michael Adumatta Nyantakyi urged, “key stakeholders to refrain from disparaging our hardworking members and instead recognise their contribution to national development, in the face of many challenges including the shortage of many critical resources for smooth operations.”

PUWU is fighting off allegations by Vice President Dr Mahamudu Bawumia that the ICT staff of ECG sabotaged the digitalisation of the payment system.

He said this in his speech during the Annual General Meeting of the African Anti-corruption Agencies on May 9.

According to Dr Bawumia, the ICT staff of ECG sabotaged the digitalisation of the payment system by putting a ransomware attack on the ECG ICT system and further demanding a ransom.

Read more: Bawumia accuses some ECG staff of using ransomware to sabotage paperless system

But the Union “respectfully disagrees” with the statement stating that the Vice President’s statement was “inaccurate and misleading.”

Explaining the sequence of events, the PUWU said in September 2022, the Economic and Organised Crime Office (EOCO) started a forensic audit on the ECG Power App.

The Office demanded the payment platform architecture, database, API documentation and the app customs source code, including the credentials to the backend prepayment system.

“EOCO did not use its internal staff but had to use third-party IT professionals for the assignment. Consequently, it was not only ECG IT staff who had access to the ICT infrastructure of ECG.

“Could the sharing of the source code with external parties compromise ECG network security in relation to the scale of the September 2022 attack?"

Explaining further, PUWU said, “The first ransomware attack occurred on September 28, 2022, which took a wide scope prompting the need to report the incident to the National Cybersecurity Authority, as required by regulation.

“The National Security thereafter took over the ECG ICT system as the attack was seen as a threat to national security.”

“In the midst of the takeover, the second and most severe of the ransomware attacks occurred on November 11, 2022, at the time the National Security had both full physical access and software administrative rights to all ECG systems. The National Security arrested and detained some ECG ICT staff for days but were later released.”

According to PUWU, it was the ECG ICT staff who used their system recovery and strategy to restore the system and assisted the National Security operatives on how to operate the ECG system.

"It is, therefore, factually inaccurate that National Security came in to recover the system, as reported by the Vice President," the Union said.

Read PUWU's statement below: