One day in late November, an Australian electricity utility company was attacked. While it was initially suspected that the attack was conducted by Chinese hackers, it was later discovered that the attack was launched by a Russian hacker group - Wizard Spider.

Diving into details

CS Energy, an electric utility owned by the Government of Queensland, suffered a digital disruption on November 27. It later discovered that the ransomware attack was conducted by Wizard Spider. The attack sabotaged the production of more than 3,500 MW of electricity and could have caused a blackout for around 3 million homes. However, the disaster was averted as the IT staff blocked the hackers’ access at the right time.

Wizard Spider is related to Conti

Conti is designed and distributed by Wizard Spider, the same group that created the Ryuk ransomware. CS Energy was mentioned in Conti’s naming and shaming website. The attack implies that the threat actors were looking to add CS Energy to their ever-growing list of financially motivated attacks.

What else?

Conti attacked Nordic Choice Hotels, impacting room key card and guest reservation systems. Investigations have revealed no signs of a data leak, and no ransom has been demanded yet. However, it is suspected that guests' booking information (name, phone number, email address, and date of visit) may have been stolen.

The bottom line

Conti and other ransomware gangs have enhanced their attacks against healthcare, utilities, hospitals, and other critical infrastructure. The FBI recently issued a flash alert about the Cuba ransomware group targeting the U.S. critical infrastructure sector. The only thing to do in the face of these burgeoning threats is to stay vigilant and implement strong, proactive cybersecurity defenses.

Cyware Publisher