CS Energy, a government-owned energy generator in Queensland, Australia, has continued to generate electricity and feed it into the grid since the November 27 ransomware attack, and it has “systems and safeguards [with] layers of separation and protection, which enabled it to contain and protect its critical infrastructure.”

“Upon becoming aware of the incident, we quickly took further assertive action to physically separate the two environments,” said Chief Executive Andrew Bills. “We continue to progressively restore our systems and are working closely with cyber security experts and relevant state and federal agencies.”

The incident occurred on CS Energy’s corporate network and did not have an impact on electricity generation at the Callide and Kogan Creek power stations, officials said. Those stations are continuing to generate and dispatch electricity into the National Electricity Market.

“We immediately notified relevant state and federal agencies, and are working closely with them and other cyber security experts,” Bills said. “We have contacted our retail customers to reassure them that there is no impact to their electricity supply and we have been regularly briefing employees about our response to this incident.

“Unfortunately, cyber events are a growing trend in Australia and overseas. This incident may have affected our corporate network, but we are fortunate to have a resilient and highly skilled workforce who remain focused on ensuring CS Energy continues to deliver electricity to Queenslanders,” he said.

Bills added there was currently no indication that the cyber incident was a state-based attack.

Australia’s National Electricity Market is designed to ensure there is enough power generation and network capacity to securely meet customer demand, even in the event of unexpected outages of transmission lines and generators.

The ransomware group known as Conti, meanwhile, named CS Energy on its web site for shaming victims and sometimes leaking their data.

“Conti listed CS Energy on its leak site which, obviously, would indicate that one of its affiliates was responsible for the attack,” Brett Callow, a threat analyst at security firm Emsisoft, said in a Reuters report.

“Conti is believed to be a Russia-based cybercrime operation,” Callow said, “so it would appear that the attack on CS Energy is simply an addition to the ever-expanding list of financially motivated ransomware attacks.”

Like some other ransomware groups, Conti splits proceeds with affiliates who break into targets before installing its program for encrypting computer files and referring victims to Conti for negotiating payments in cryptocurrency.


Associated Incidents

  • November 27, 2021: CS Energy Hit In Ransomware Attack
