Ransomware Attack Shuts Down Mills of Australia’s Second-Largest Sugar Producer - SecurityWeek

Mackay Sugar, a major Australian sugar producer, has been targeted in a ransomware attack that forced it to shut down some of its mills. The hacker attack came to light on June 10, when Mackay Sugar announced it was responding to a cybersecurity incident affecting some of its operations. “Interim processes are in place to support critical business functions and minimise disruption where possible,” the company said at the time. Mackay Sugar operates three cane-processing mills in Queensland and is Australia’s second-largest raw sugar producer. The cyberattack appears to have impacted operations at two of the mills, but the company announced on June 12 that it had “recommenced a limited manual crushing operation” at one mill to process cane harvested prior to the incident.  “While some operations have resumed in a controlled manner, key cane supply and logistics systems remain subject to ongoing restoration and no additional cane is being accepted at our mills at this stage,” Mackay Sugar said on June 12. In its latest update, shared on June 15, the company said it’s still responding to the incident.  “Significant progress has been made over the weekend in restoring the systems that support cane supply, harvesting and mill operations,” Mackay Sugar stated. It added, “Steam trials are now underway, and subject to final validation activities, some harvesting is expected to recommence this week in preparation for the staged restart of crushing operations later this week. We have taken the responsible course of action in advising growers and harvesters not to recommence harvesting until we advise them to do so.” The Gentlemen ransomware group named Mackay Sugar on its Tor-based website on June 15, but it has yet to leak any data. Mackay Sugar’s updates do not provide any information on potential data compromise. It’s also unclear whether the hackers reached industrial control systems (ICS) or other operational technology (OT), or whether such systems were indirectly affected by the hacking of IT systems.  The Gentlemen group, tracked by Microsoft as Storm-2697, has been around since mid-2025. The cybercriminals use malware to encrypt files on compromised systems and exfiltrate data to pressure the victim into paying.  The malware used by the group drew researchers’ attention due to its worm-like lateral movement capabilities. The Gentlemen’s website lists more than 500 alleged victims at the time of writing.  Related: FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal Data Related: Check Point VPN Zero-Day Exploited in Qilin Ransomware Attacks Related: Silent Ransom Group Uses DNS Fast Flux in Attacks WRITTEN BY Eduard Kovacs Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. More from Eduard Kovacs Cisco Patches Another SD-WAN Zero-Day Exploited in Attacks Chinese Hackers Target Medical, Military, and AI Research in North America Ozempic Maker Novo Nordisk Says Hackers Breached IT Systems Maine Disables Data Breach Portal Due to Fake Submissions  Industry Reactions to Claude Fable 5: Feedback Friday Anthropic Disputes Fable 5 AI Jailbreak Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters Oracle Addresses PeopleSoft Vulnerability Amid Reports of Zero-Day Attacks Latest News iRhythm Confirms Data Stolen in Hack Hacker Conversations: Isira Adithya, the Evolution of an Ethical Hacker Magnitude Emerges From Stealth Mode With $10 Million in Funding AI and Cybersecurity – Everything You Wanted to Know, But Were Afraid to Ask Endpoint Security Startup Ent Emerges From Stealth With $100 Million Seed Round Cybercrime Group Claims Novo Nordisk Hack Can CISOs Trust Their Applications? TrustCloud Wants to Replace the Questionnaire Cal Water Investigating Iranian Hackers’ Claims Trending Webinar: How Modern Breaches Bypass MFA And Evade Detection June 17, 2026 Today’s attackers are no longer breaking in — they’re logging in. Join this live webinar as we break down the modern identity attack chain and examine how recent breaches exploited weaknesses in authentication, identity verification, and access management processes. Register Webinar: Modern Exposure Validation In The AI Era June 24, 2026 AI has accelerated both sides of the fight. Adversaries are weaponizing vulnerabilities faster, while defenders are racing to ship detections and configurations. Join this live webinar as we explore how to prove your controls actually hold against new threats, map your security maturity, and unite breach simulation with automated pentesting into a single, coordinated program. Register People on the Move Stephen Garcia has been named Chief Information Security Officer at BreachRx. Kasper Lindgaard has been appointed Vice President of Security Strategy at CoreView. Chaim Mazal has been named Chief Information Security Officer at GitLab. More People On The Move Expert Insights After AI Reaches Production: 12 Ways Security Teams Can Take Control Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production. (Joshua Goldfarb) Everybody Is Vibe Coding But Nobody Told The Security Team AI-driven development is not something organizations can or should block. But it must be governed. (Danelle Au) The Zero-Knowledge Threat Actor And The End Of Responsible Disclosure AI can help attackers generate malware, create malicious payloads, bypass simple security checks, and convert vague malicious intent into functional code. (Etay Maor) Raising The Cybersecurity Stakes: Ante Up For The Agentic Era CISOs are now facing machine-speed attacks and asking, “How do I agent?” The industry must provide remediation at scale. (Nadir Izrael) Caught Off Guard: Securing AI After It Hits Production As enterprises rush AI projects into production, security teams are increasingly being forced into reactive mode. (Joshua Goldfarb) Flipboard Reddit Whatsapp Email