Conti Ransomware Targets Multiple Entities in Australia, Government Warns

Created: Tuesday, December 14, 2021 - 14:04
Categories: Cybersecurity

Multiple Australian organizations have been impacted by Conti ransomware attacks in November and December 2021, according to the Australian Cyber Security Centre (ACSC). The ransomware attacks have occurred across multiple sectors, such as electric utilities and healthcare. According to an ACSC advisory, “Victims have received demands for ransom payments. In addition to the encryption of data and subsequent impact to organizations’ ability to operate as usual, victims have had data stolen during incidents published by the ransomware actors, including Personally Identifiable Information (PII).” Conti operators frequently employ TrickBot malware and a compromised Cobalt Strike tool in the ransomware attack chain.

In late November, for instance, Wizard Spider, the criminal group behind Conti ransomware, targeted the electrical utility CS Energy. During the attack, the adversaries attempted to sabotage the production of 3,500 MW of electricity, which could have led to a blackout for millions of homes. However, IT staff were able to block the threat actors’ access right before they were able to sabotage electrical production. Additionally, the ACSC provides recommended mitigations on its Conti awareness page. Steps include enabling multi-factor authentication (MFA), segmenting enterprise networks, and maintaining daily offline backups, among others. Read more at BleepingComputer.