An artist’s impression of a ransomware incident
Queensland government-owned energy generator CS Energy provided an update on Wednesday saying that those behind its November ransomware incident were unlikely to be state-based actors.
On the same morning, Sydney’s Daily Telegraph landed with a front page claiming China was behind the incident.
Given the appearance of CS Energy on a leak site listing victims of Conti ransomware, run by the Wizard Spider group for the purposes of double extortion, the claims made by News Limited would appear to be unfounded.
In September, the US Cybersecurity and Infrastructure Security Agency said the group uses a ransomware-as-a-service model, but instead of paying affiliates a cut of the earnings that come from ransoms, the group pays the deployers of the ransomware a wage.
Rob Joyce, director of cybersecurity at NSA, said at the time that the group has historically targeted critical infrastructure.
For its part, CS Energy said it has continued to generate electricity and feed it into the grid since the incident and has “systems and safeguards [with] layers of separation and protection, which enabled it to contain and protect its critical infrastructure”.
“Upon becoming aware of the incident, we quickly took