Queensland government-owned energy generator CS Energy provided an update on Wednesday that those behind its November ransomware incident were unlikely to be state-based actors.
On the same morning, Sydney’s Daily Telegraph landed with a front page claiming China was behind the incident.
Given that CS Energy has appeared on a leak site listing victims of Conti ransomware, run by the Wizard Spider group for the purposes of double extortion, the claims made by News Limited would appear to be unfounded.
In September, the US Cybersecurity and Infrastructure Security Agency said the group uses a ransomware-as-a-service model, but instead of paying affiliates a cut of the earnings that come from ransoms, the group pays the deployers of the ransomware a wage.
Rob Joyce, director of cybersecurity at NSA, said at the time that the group has historically targeted critical infrastructure.
For its part, CS Energy said it has continued to generate electricity and feed it into the grid since the incident and has “systems and safeguards [with] layers of separation and protection, which enabled it to contain and protect its critical infrastructure”.
“Upon becoming aware of the incident, we quickly took further assertive action to physically separate the two environments,” CEO Andrew Bills said.
“We continue to progressively restore our systems and are working closely with cyber security experts and relevant state and federal agencies.”
A few days after the incident, the generator, which is one of three generator companies in Queensland, reassured retail customers it would be able to bill them per the usual cycle.
Earlier this year, the generator company experienced a fire in its turbine hall at Callide power station that led to outages across the state.