An energy generator owned by the government of Australia’s Queensland has been the victim of a targeted ransomware attack.

Initial reports on the incident, and from CS Energy, the organisation in charge of its operation, stated that electricity generation at the state’s Kogan Creek and Callide power stations has not been affected by the attack. The company added that every effort was now being made to restore the network.

Response to a ransomware raid

CS Energy is one of a trio of major power companies providing energy to Queensland that also includes Cleanco and the Stanwell Corporation. Its Chief Executive Officer, Andrew Bills, commented on the company’s course of action following the recent cyberattack:

“We immediately notified relevant state and federal agencies and are working closely with them and other cybersecurity experts. We have contacted our retail customers to reassure them that there is no impact to their electricity supply, and we have been regularly briefing employees about our response to this incident.”

Lani Refiti, regional director of the Australia and New Zealand Banking Group (ANZ), commented that ransomware gangs are increasingly targeting critical infrastructure firms because those firms cannot afford downtime or disruption.

As a result, many companies working in the power sector typically section off their corporate networks from operational technology solutions to safeguard key systems involved in energy generation.

Bills commented on this process but added that the company segmented its services only after the compromise occurred:

“CS Energy moved quickly to contain this incident by segregating the corporate network from other internal networks and enacting business continuity processes.”

Australia’s attitude towards ransomware attacks

In October, the Australian Government announced a brand-new selection of standalone criminal offences for individuals attempting to use ransomware in accordance with what has been branded the Ransomware Action Plan. This dedicated legislation includes a new criminal offence created for those who target critical infrastructure when unleashing a ransomware attack.

Karen Andrews, Minister for Home Affairs, explained the government’s position:

“The Ransomware Action Plan takes a decisive stance — the Australian Government does not condone ransom payments being made to cybercriminals.”

It added that whether a ransom payment was large or small, its impact was to fuel the business model used by ransomware operators and put other Australian citizens and businesses at risk.

The newly formed initiative will also roll out an all-new and compulsory regime of reporting ransomware incidents. Once in effect, it will require organisations that have a turnover of more than $10m (£5.38m) each year to formally notify the government should they become the victim of a cyberattack.

This Critical Infrastructure Bill recently passed successfully through federal parliament and is now awaiting Royal Assent.

International cybersecurity experts here in the UK, Russia and the US continually voice their opinion that conceding to ransomware demands is not the right solution to managing an attack. They argue that as soon as a system is penetrated and files viewed and encrypted, a data breach has already occurred. Victims only have the word of their attackers that stolen data has ever been destroyed.

Help prevent ransomware attacks from terrorising your business with our services offered at Galaxkey.