Mackay Sugar, a major Australian sugar producer, has been targeted in a ransomware attack that forced it to shut down some of its mills. The hacker attack came to light on June 10, when Mackay Sugar announced it was responding to a cybersecurity incident affecting some of its operations.
“Interim processes are in place to support critical business functions and minimise disruption where possible,” the company said at the time. Mackay Sugar operates three cane-processing mills in Queensland and is Australia’s second-largest raw sugar producer.
Ransomware Attack Impact
The cyberattack appears to have impacted operations at two of the mills, but the company announced on June 12 that it had “recommenced a limited manual crushing operation” at one mill to process cane harvested prior to the incident. “While some operations have resumed in a controlled manner, key cane supply and logistics systems remain subject to ongoing restoration and no additional cane is being accepted at our mills at this stage,” Mackay Sugar said on June 12.
Restoration Efforts
In its latest update, shared on June 15, the company said it’s still responding to the incident. “Significant progress has been made over the weekend in restoring the systems that support cane supply, harvesting and mill operations,” Mackay Sugar stated. It added, “Steam trials are now underway, and subject to final validation activities, some harvesting is expected to recommence this week in preparation for the staged restart of crushing operations later this week. We have taken the responsible course of action in advising growers and harvesters not to recommence harvesting until we advise them to do so.”
The Gentlemen Ransomware Group
The Gentlemen ransomware group named Mackay Sugar on its Tor-based website on June 15, but it has yet to leak any data. Mackay Sugar’s updates do not provide any information on potential data compromise. It’s also unclear whether the hackers reached industrial control systems (ICS) or other operational technology (OT), or whether such systems were indirectly affected by the hacking of IT systems.
The Gentlemen group, tracked by Microsoft as Storm-2697, has been around since mid-2025. The cybercriminals use malware to encrypt files on compromised systems and exfiltrate data to pressure the victim into paying. The malware used by the group drew researchers’ attention due to its worm-like lateral movement capabilities. The Gentlemen’s website lists more than 500 alleged victims at the time of writing.
Conclusion
The ransomware attack on Mackay Sugar highlights the importance of cybersecurity in the sugar production industry. The company's swift response to the incident and efforts to restore operations demonstrate its commitment to minimizing disruption and ensuring the continuity of its business.
- The attack occurred on June 10 and affected some of Mackay Sugar's operations.
- The company has restored some operations, but key cane supply and logistics systems remain subject to ongoing restoration.
- The Gentlemen ransomware group has named Mackay Sugar as a victim, but has not leaked any data.
Mackay Sugar's experience serves as a reminder to all organizations of the need for robust cybersecurity measures to protect against ransomware attacks and other cyber threats.
Source: SecurityWeek