
Australian energy giant CS Energy suffers a ransomware attack

8 December 2021

CS Energy, an Australian government-owned energy company located in Queensland, said in a statement that it is responding to a ransomware incident that targeted its corporate network systems on November 27.

The energy giant, which supplies over 3,500 MW of power to Australia’s National Electricity Market, said that the attack did not impact electricity generation at its Callide and Kogan Creek power stations and that the stations are continuing to generate and dispatch electricity to the market.

Andrew Bills, CEO of CS Energy, said that the company’s prime focus is to restore the security of its network and support employees, customers, and business partners with any questions they may have.

“CS Energy moved quickly to contain this incident by segregating the corporate network from other internal networks and enacting business continuity processes,” Bills said. “We immediately notified relevant state and federal agencies, and are working closely with them and other cyber security experts.

“We have contacted our retail customers to reassure them that there is no impact to their electricity supply and we have been regularly briefing employees about our response to this incident. Unfortunately, cyber events are a growing trend in Australia and overseas.

“This incident may have affected our corporate network, but we are fortunate to have a resilient and highly skilled workforce who remain focused on ensuring CS Energy continues to deliver electricity to Queenslanders,” he added.

According to the Australian Associated Press (AAP), an Australian senator has accused China of being behind the ransomware attack on CS Energy. The company’s CEO has, however, made it clear that there is currently no indication that the cyber incident was a state-based attack.

Commenting on the ransomware attack, Brooks Wallace, VP EMEA at Deep Instinct, told Teiss that the attack is “a timely reminder that when malicious actors gain access to a corporate network they are only minutes away from crippling a corporation’s network and, in this case, possible critical national infrastructure.”

“Energy stations cannot afford to shut down, with closures adversely affecting not only customers and employees, but a whole nation. In order to further stop critical infrastructure attacks, organisations must change their mindset from mitigating attacks to preventing them.

“The best protection against attacks such as this one is a multi-layered approach using a variety of solutions, such as deep learning. A “prevention-first” mindset is key – attacks need to execute and run before they are picked up and checked to see if they are malicious. Deep learning helps deliver a sub-20 millisecond response time stopping a cyber-attack, pre-execution before it can take hold.

“Energy companies always talk about long-term energy sustainability solutions to protect future generations, but they must also consider sustainable cybersecurity solutions in order to protect both today’s generation and future generations,” Wallace added.

Energy providers have been a soft target of cyber criminals in the recent past. In April last year, hacker group Ragnarok stole up to 10TB of data belonging to Portuguese energy giant EDP, before threatening to leak the stolen data if a ransom of $10.9 million was not paid by the company.

Previously, security researchers also observed a Russian hacker group launching a number of cyber attacks targeting several energy firms in the UK. The hacker group, known variously as DragonFly, Energetic Bear, Crouching Yeti, DYMALLOY, and Group 24, was found specifically targeting energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.

