CS Energy adds it continues to restore its systems in the wake of the incident.
Queensland government-owned energy generator CS Energy provided an update on Wednesday that those behind its November ransomware incident was unlikely to be a state-based actor. On the same morning, Sydney’s Daily Telegraph landed with a front page claiming China was behind the incident. Thanks to the appearance of CS Energy on a leak site listing victims of Conti ransomware run by the Wizard Spider group for the purposes of double extortion, the claims made by News Limited would appear to be unfounded. In September, the US Cybersecurity and Infrastructure Security Agency said the group uses a ransomware-as-a-service model, but instead of paying affiliates a cut of the earnings that come from ransoms, the group pays the deployers of the ransomware a wage.
