
Russian hackers claim credit for CS Energy ransomware attack


A notorious Russian hacking group has claimed credit for the ransomware attack on Queensland generator company CS Energy.


The attack, which occurred late last month, got as far as the company’s corporate system. There had previously been reports that the attack was from China, but CS Energy said there was no evidence it was a state-based attack.

Reuters reported experts as saying the attack on CS Energy was another in a long list of ransomware attacks using Conti, a cyber-crime operation thought to be led by a Russia-based group that goes under the name of Wizard Spider.

While based in Russia, the group is not a formal part of the Russian Government, although there is speculation that it is often assisted by Russia and does not launch any attacks within the country.

Conti is described as “an extremely damaging malicious actor” because of the speed with which it encrypts data and spreads to other systems. The operation relies on phishing, using an email that claims to come from a sender the victim trusts and contains a link that points the user to a maliciously loaded document.

Conti ransomware also uses a “double-extortion” technique, which not only encrypts the victims’ data and demands payment but also takes copies of the victims’ data, which the attackers will expose or sell if the victim refuses to pay.

Canadian companies this week paid about $500,000 after a Conti ransomware attack.

CS Energy chief executive Andrew Bills said the company’s ICT systems and safeguards had layers of separation and protection, which enabled it to contain and protect its critical infrastructure.

“We continue to progressively restore our systems and are working closely with cyber security experts and relevant state and federal agencies,” he said.




