Queensland government-owned energy generator CS Energy said on Tuesday it was responding to a ransomware incident that occurred over the weekend.
First reported by Energy Source & Distribution, the company said the incident has not impacted electricity generation at the Callide and Kogan Creek power stations, and it was looking to restore its network.
“We immediately notified relevant state and federal agencies, and are working closely with them and other cybersecurity experts,” CEO Andrew Bills said.
“We have contacted our retail customers to reassure them that there is no impact to their electricity supply and we have been regularly briefing employees about our response to this incident.”
In response to the incident, ANZ regional director at Claroty, Lani Refiti, said critical infrastructure has been increasingly targeted by ransomware gangs since infrastructure firms cannot afford any disruptions or downtime.
“The usual vector for ransomware is via corporate systems/networks and most organisations in the power sector will segment their operational technology systems from their corporate networks to avoid an attack via this route,” Refiti said.
“Hopefully this is the case for CS Energy, who are one of Queensland’s three main power generation companies along with Stanwell Corporation and Cleanco.”
Refiti’s hope is likely dashed thanks to Bills pointing out that segregation occurred after the incident began.
“CS Energy moved quickly to contain this incident by segregating the corporate network from other internal networks and enacting business continuity processes,” Bills said.
Earlier in the year, Callide suffered a fire in its turbine hall that led to outages across Queensland. Speaking earlier this month, Telstra energy head Ben Burge said the telco was able to keep the lights on for 50,000 families during that event, thanks to the telco being able to utilise standby power assets, including batteries, used in its telecommunication infrastructure to stabilise the grid and address market shortages.
“The physical assets we have already activated would be enough to cover nearly 50,000 customers. In the next few years we expect to grow that coverage to over 200,000 customers,” Burge said.
Telstra has gained authorisation to operate in New South Wales, Queensland, and South Australia and is looking to enter the energy market during 2022.
Last month, the Australian government announced a new set of standalone criminal offences for people who use ransomware under what it has labelled its Ransomware Action Plan, including a new criminal offence for people who target critical infrastructure with ransomware.
“The Ransomware Action Plan takes a decisive stance — the Australian Government does not condone ransom payments being made to cybercriminals. Any ransom payment, small or large, fuels the ransomware business model, putting other Australians at risk,” Minister for Home Affairs Karen Andrews said at the time.
The plan will also roll out a new mandatory ransomware incident reporting regime, which would require organisations with a turnover of over AU$10 million per year to formally notify government if they experience a cyber attack.
Last week, the Critical Infrastructure Bill passed both houses of federal parliament and is currently waiting for Royal Assent.