[BreachExchange] Queensland government energy generator hit by ransomware

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Tue Nov 30 09:34:55 EST 2021


https://www.zdnet.com/article/queensland-government-energy-generator-hit-by-ransomware/

Queensland government-owned energy generator CS Energy said on Tuesday it
was responding to a ransomware incident that occurred over the weekend.

First reported by Energy Source & Distribution, the company said the
incident has not impacted electricity generation at the Callide and Kogan
Creek power stations, and it was looking to restore its network.

"We immediately notified relevant state and federal agencies, and are
working closely with them and other cybersecurity experts," CEO Andrew
Bills said.

"We have contacted our retail customers to reassure them that there is no
impact to their electricity supply and we have been regularly briefing
employees about our response to this incident."

In response to the incident, ANZ regional director at Claroty, Lani Refiti,
said critical infrastructure has been increasingly targeted by ransomware
gangs since the infrastructure firms cannot afford any disruptions or
downtime.

"The usual vector for ransomware is via corporate systems/networks and most
organisations in the power sector will segment their operational technology
systems from their corporate networks to avoid an attack via this route,"
Refiti said.

"Hopefully this is the case for CS Energy, who are one of Queensland's
three main power generation companies along with Stanwell Corporation and
Cleanco."

Refiti's hope is likely dashed thanks to Bills pointing out that
segregation occurred after the incident began.

"CS Energy moved quickly to contain this incident by segregating the
corporate network from other internal networks and enacting business
continuity processes," Bills said.

Earlier in the year, Callide suffered a fire in its turbine hall that led
to outages across Queensland. Speaking earlier this month, Telstra energy
head Ben Burge said the telco was able to keep the lights on for 50,000
families during that event, thanks to the telco being able to utilise
standby power assets, including batteries, used in its telecommunication
infrastructure to stabilise the grid and address market shortages.

"The physical assets we have already activated would be enough to cover
nearly 50,000 customers. In the next few years we expect to grow that
coverage to over 200,000 customers," Burge said.

Telstra has gained authorisation to operate in New South Wales, Queensland,
and South Australia and is looking to enter the energy market during 2022.

Last month, the Australian government announced a new set of standalone
criminal offences for people who use ransomware under what it has labelled
its Ransomware Action Plan, including a new criminal offence for people
that target critical infrastructure with ransomware.

"The Ransomware Action Plan takes a decisive stance -- the Australian
Government does not condone ransom payments being made to cybercriminals.
Any ransom payment, small or large, fuels the ransomware business model,
putting other Australians at risk," Minister for Home Affairs Karen Andrews
said at the time.

The plan will also roll out a new mandatory ransomware incident reporting
regime, which would require organisations with a turnover of over AU$10
million per year to formally notify government if they experience a cyber
attack.

Last week, the Critical Infrastructure Bill passed both houses of federal
parliament and is currently waiting for Royal Assent.