Ransomware Attack Shuts Down Mills of Australia’s Second-Largest Sugar Producer

In its latestupdate, shared on June 15, the company said it’s still responding to the incident.“Significant progress has been made over the weekend in restoring the systems that support cane supply, harvesting and mill operations,” Mackay Sugar stated.It added, “Steam trials are now underway, and subject to final validation activities, some harvesting is expected to recommence this week in preparation for the staged restart of crushing operations later this week. We have taken the responsible course of action in advising growers and harvesters not to recommence harvesting until we advise them to do so.”The Gentlemenransomware group named Mackay Sugar on its Tor-based website on June 15, but it has yet to leak any data.Mackay Sugar’s updates do not provide any information on potential data compromise.It’s also unclear whether the hackers reached industrial control systems (ICS) or other operational technology (OT), or whether such systems were indirectly affected by the hacking of IT systems.The Gentlemen group, tracked by Microsoft as Storm-2697, has been around since mid-2025. The cybercriminals use malware to encrypt files on compromised systems and exfiltrate data to pressure the victim into paying.The malware used by the group drew researchers’ attention due to its worm-like lateral movement capabilities.The Gentlemen’s website lists more than 500 alleged victims at the time of writing.Related:FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal DataRelated:Check Point VPN Zero-Day Exploited in Qilin Ransomware AttacksRelated:Silent Ransom Group Uses DNS Fast Flux in Attacks

“Significant progress has been made over the weekend in restoring the systems that support cane supply, harvesting and mill operations,” Mackay Sugar stated.It added, “Steam trials are now underway, and subject to final validation activities, some harvesting is expected to recommence this week in preparation for the staged restart of crushing operations later this week. We have taken the responsible course of action in advising growers and harvesters not to recommence harvesting until we advise them to do so.”The Gentlemenransomware group named Mackay Sugar on its Tor-based website on June 15, but it has yet to leak any data.Mackay Sugar’s updates do not provide any information on potential data compromise.It’s also unclear whether the hackers reached industrial control systems (ICS) or other operational technology (OT), or whether such systems were indirectly affected by the hacking of IT systems.The Gentlemen group, tracked by Microsoft as Storm-2697, has been around since mid-2025. The cybercriminals use malware to encrypt files on compromised systems and exfiltrate data to pressure the victim into paying.The malware used by the group drew researchers’ attention due to its worm-like lateral movement capabilities.The Gentlemen’s website lists more than 500 alleged victims at the time of writing.Related:FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal DataRelated:Check Point VPN Zero-Day Exploited in Qilin Ransomware AttacksRelated:Silent Ransom Group Uses DNS Fast Flux in Attacks

It added, “Steam trials are now underway, and subject to final validation activities, some harvesting is expected to recommence this week in preparation for the staged restart of crushing operations later this week. We have taken the responsible course of action in advising growers and harvesters not to recommence harvesting until we advise them to do so.”The Gentlemenransomware group named Mackay Sugar on its Tor-based website on June 15, but it has yet to leak any data.Mackay Sugar’s updates do not provide any information on potential data compromise.It’s also unclear whether the hackers reached industrial control systems (ICS) or other operational technology (OT), or whether such systems were indirectly affected by the hacking of IT systems.The Gentlemen group, tracked by Microsoft as Storm-2697, has been around since mid-2025. The cybercriminals use malware to encrypt files on compromised systems and exfiltrate data to pressure the victim into paying.The malware used by the group drew researchers’ attention due to its worm-like lateral movement capabilities.The Gentlemen’s website lists more than 500 alleged victims at the time of writing.Related:FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal DataRelated:Check Point VPN Zero-Day Exploited in Qilin Ransomware AttacksRelated:Silent Ransom Group Uses DNS Fast Flux in Attacks

The Gentlemenransomware group named Mackay Sugar on its Tor-based website on June 15, but it has yet to leak any data.Mackay Sugar’s updates do not provide any information on potential data compromise.It’s also unclear whether the hackers reached industrial control systems (ICS) or other operational technology (OT), or whether such systems were indirectly affected by the hacking of IT systems.The Gentlemen group, tracked by Microsoft as Storm-2697, has been around since mid-2025. The cybercriminals use malware to encrypt files on compromised systems and exfiltrate data to pressure the victim into paying.The malware used by the group drew researchers’ attention due to its worm-like lateral movement capabilities.The Gentlemen’s website lists more than 500 alleged victims at the time of writing.Related:FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal DataRelated:Check Point VPN Zero-Day Exploited in Qilin Ransomware AttacksRelated:Silent Ransom Group Uses DNS Fast Flux in Attacks

Mackay Sugar’s updates do not provide any information on potential data compromise.It’s also unclear whether the hackers reached industrial control systems (ICS) or other operational technology (OT), or whether such systems were indirectly affected by the hacking of IT systems.The Gentlemen group, tracked by Microsoft as Storm-2697, has been around since mid-2025. The cybercriminals use malware to encrypt files on compromised systems and exfiltrate data to pressure the victim into paying.The malware used by the group drew researchers’ attention due to its worm-like lateral movement capabilities.The Gentlemen’s website lists more than 500 alleged victims at the time of writing.Related:FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal DataRelated:Check Point VPN Zero-Day Exploited in Qilin Ransomware AttacksRelated:Silent Ransom Group Uses DNS Fast Flux in Attacks

It’s also unclear whether the hackers reached industrial control systems (ICS) or other operational technology (OT), or whether such systems were indirectly affected by the hacking of IT systems.The Gentlemen group, tracked by Microsoft as Storm-2697, has been around since mid-2025. The cybercriminals use malware to encrypt files on compromised systems and exfiltrate data to pressure the victim into paying.The malware used by the group drew researchers’ attention due to its worm-like lateral movement capabilities.The Gentlemen’s website lists more than 500 alleged victims at the time of writing.Related:FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal DataRelated:Check Point VPN Zero-Day Exploited in Qilin Ransomware AttacksRelated:Silent Ransom Group Uses DNS Fast Flux in Attacks

The Gentlemen group, tracked by Microsoft as Storm-2697, has been around since mid-2025. The cybercriminals use malware to encrypt files on compromised systems and exfiltrate data to pressure the victim into paying.The malware used by the group drew researchers’ attention due to its worm-like lateral movement capabilities.The Gentlemen’s website lists more than 500 alleged victims at the time of writing.Related:FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal DataRelated:Check Point VPN Zero-Day Exploited in Qilin Ransomware AttacksRelated:Silent Ransom Group Uses DNS Fast Flux in Attacks

The malware used by the group drew researchers’ attention due to its worm-like lateral movement capabilities.The Gentlemen’s website lists more than 500 alleged victims at the time of writing.Related:FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal DataRelated:Check Point VPN Zero-Day Exploited in Qilin Ransomware AttacksRelated:Silent Ransom Group Uses DNS Fast Flux in Attacks

The Gentlemen’s website lists more than 500 alleged victims at the time of writing.Related:FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal DataRelated:Check Point VPN Zero-Day Exploited in Qilin Ransomware AttacksRelated:Silent Ransom Group Uses DNS Fast Flux in Attacks

Related:FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal DataRelated:Check Point VPN Zero-Day Exploited in Qilin Ransomware AttacksRelated:Silent Ransom Group Uses DNS Fast Flux in Attacks

Source: SecurityWeek