Conti ransomware group behind the attack on Queensland electric utility

Russian-speaking hackers were identified as culprits behind the attack on an Australian electric utility.

On Monday, Australian media reported that Chinese government hackers attacked CS Energy, an electric utility serving millions of people in Queensland state in northeast Australia.

According to Reuters, the reports came amid high tensions between Australia and China, prompting the utility to issue a statement explaining that there was no indication of a government-backed attack.

Later, however, the Russian-speaking ransomware gang Conti claimed credit for the attack, naming CS Energy on the leak site where it lists its ransomware victims.

"Conti listed CS Energy on its leak site which, obviously, would indicate that one of its affiliates was responsible for the attack," Brett Callow, a threat analyst at security firm Emsisoft, told Reuters.

Callow further explained that Conti affiliates listing CS Energy on their website indicates a "financially motivated ransomware attack" rather than a state-sponsored one.

Conti ransomware

Conti started operating in late 2019 and runs the Conti.News data leak site. The group gains initial access through stolen RDP credentials and phishing emails carrying malicious attachments.

Experts believe that Conti's tactics resemble those seen in nation-state attacks. The group also relies on human-operated intrusions instead of the increasingly popular automated ones. Conti attempts to find a buyer for the stolen data before posting it on its site.

Ireland's HSE, Volkswagen Group, and several US cities, counties, and school districts have been hit by Conti. The group has been observed inside victim networks for anywhere from a few days to several weeks before actually launching the ransomware.

The group is believed to be based in Russia's second-largest city, Saint Petersburg. It is also speculated that the people behind Conti used to run another prominent ransomware cartel, Ryuk.

The group has been particularly active recently, with the FBI and CISA issuing a warning about more than 400 Conti ransomware attacks aimed at stealing sensitive data.

As with many modern extortion gangs, Conti offers a Ransomware-as-a-Service (RaaS) package, providing its malware to affiliates. The core team takes 20-30% of each ransom payment, while the affiliates keep the rest.

Golden age

Cyberattacks are increasing in scale, sophistication, and scope. The last 12 months were rife with major high-profile incidents, such as the SolarWinds hack and the attacks against Colonial Pipeline, meat processing company JBS, and software firm Kaseya.

Pundits talk of a ransomware gold rush, with the number of attacks increasing over 90% in the first half of 2021 alone.

The prevalence of ransomware has forced governments to take multilateral action against the threat. A combined effort likely helped push the infamous REvil and BlackMatter cartels offline and led to the arrest of Cl0p ransomware cartel members.

Gangs, however, either rebrand or form new groups. Most recently, LockBit 2.0 was the most active ransomware group, with a whopping 203 victims in Q3 of 2021 alone.

The average data breach now costs victims $4.24 million per incident, the highest figure in 17 years. By comparison, the average cost stood at $3.86 million per incident last year, making the latest result a 10% increase.
