Australia’s CS Energy reports ransomware attack

Queensland energy company CS Energy is the latest to report a cybersecurity incident on its ICT network on November 27.

The incident, a ransomware attack on CS Energy’s corporate network, has, according to the latest reports, been attributed to the Russian-speaking ransomware gang known as Conti – well known for such incidents and regarded as one of the more ruthless of such operations.

Quoted by Reuters, Brett Callow, a threat analyst at New Zealand security company Emsisoft, said that Conti listed CS Energy on its leak site, which would indicate that one of its affiliates was responsible for the attack.

“Conti is believed to be a Russia-based cybercrime operation, not a China-based APT, so it would appear that the attack on CS Energy is simply an addition to the ever-expanding list of financially motivated ransomware attacks.”

Initial reports attributed the attack to China, although in a statement from CS Energy, CEO Andrew Bills said there was currently no indication that it was a state-based attack.

CS Energy is a Queensland state-owned energy company that generates and supplies wholesale electricity, while a 50-50 joint venture with Alinta Energy supplies electricity to residential and small commercial customers in the south east of the state.

While full details of the incident have obviously not been released, statements from the company indicate that it has not impacted electricity generation at its power stations, which have continued to generate and dispatch electricity into the National Electricity Market.

“CS Energy moved quickly to contain this incident by segregating the corporate network from other internal networks and enacting business continuity processes,” Bills said, adding that there were immediate notifications to the relevant state and federal agencies.

In the December 8 statement, Bills said the company was continuing to progressively restore its systems and was working closely with cyber security experts and relevant state and federal agencies.

In a September alert, the US Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation said they had observed the increased use of Conti ransomware in more than 400 attacks on US and international organisations.