Conti is human-operated ransomware: its operators steal information and encrypt it before demanding a ransom from the victim. It is very dangerous because of how quickly it encrypts data and how fast it spreads to other systems. Conti is a ransomware variant first observed in early 2020, used by cybercriminals to conduct ransomware attacks against multiple sectors and organisations worldwide, including in Australia.
The ransomware is offered as Ransomware-as-a-Service (RaaS), a subscription-based model that enables affiliates to use already-developed ransomware tools to execute attacks. Affiliates earn a percentage of each successful ransom payment.
Conti Ransomware Incidents in Australia
The Australian Cyber Security Centre (ACSC) has advised that Conti ransomware attacks have been targeting Australian organisations.
“The ACSC is aware of multiple instances of Australian organisations that have been impacted by Conti ransomware in November and December 2021. This activity has happened across multiple sectors. Victims have received demands for ransom payments. In addition to the encryption of data and subsequent impact to organisations’ ability to operate as usual, victims have had data stolen during incidents published by the ransomware actors, including Personally Identifiable Information (PII).”
CS Energy Attack
Queensland Government-owned energy generator CS Energy was one of the companies affected by the ransomware. The attack, discovered on 27 November, compromised devices on its corporate network. The company had to quickly isolate that network from its other internal networks to stop the malware from spreading.
CS Energy is working on restoring the affected systems. It issued a public statement that there is enough power generation to cover customer needs, and also mentioned that there was no indication of the attack being “state-based”.
Author: Mahdi Kobeissi, Cyber Security Consultant