Ransomware Attack Shuts Down Mills of Australia’s Second-Largest Sugar Producer
Ransomware attack by The Gentlemen group disrupts operations at Australia's second-largest sugar producer.
Summary
Mackay Sugar, Australia's second-largest sugar producer, has been hit by a ransomware attack attributed to the threat group known as The Gentlemen. The incident forced the company to shut down some of its mills, impacting operations and supply chains. While limited manual operations have resumed at one mill, key systems remain under restoration, and the company is advising growers not to harvest until further notice. The Gentlemen group, tracked by Microsoft as Storm-2697, has claimed responsibility but has not yet leaked any data.
Full text
Mackay Sugar, a major Australian sugar producer, has been targeted in a ransomware attack that forced it to shut down some of its mills.
The hacker attack came to light on June 10, when Mackay Sugar announced it was responding to a cybersecurity incident affecting some of its operations. “Interim processes are in place to support critical business functions and minimise disruption where possible,” the company said at the time.
Mackay Sugar operates three cane-processing mills in Queensland and is Australia’s second-largest raw sugar producer. The cyberattack appears to have impacted operations at two of the mills, but the company announced on June 12 that it had “recommenced a limited manual crushing operation” at one mill to process cane harvested prior to the incident.
“While some operations have resumed in a controlled manner, key cane supply and logistics systems remain subject to ongoing restoration and no additional cane is being accepted at our mills at this stage,” Mackay Sugar said on June 12.
In its latest update, shared on June 15, the company said it’s still responding to the incident. “Significant progress has been made over the weekend in restoring the systems that support cane supply, harvesting and mill operations,” Mackay Sugar stated.
It added, “Steam trials are now underway, and subject to final validation activities, some harvesting is expected to recommence this week in preparation for the staged restart of crushing operations later this week. We have taken the responsible course of action in advising growers and harvesters not to recommence harvesting until we advise them to do so.”
The Gentlemen ransomware group named Mackay Sugar on its Tor-based website on June 15, but it has yet to leak any data. Mackay Sugar’s updates do not provide any information on potential data compromise.
It’s also unclear whether the hackers reached industrial control systems (ICS) or other operational technology (OT), or whether such systems were indirectly affected by the hacking of IT systems. The Gentlemen group, tracked by Microsoft as Storm-2697, has been around since mid-2025. The cybercriminals use malware to encrypt files on compromised systems and exfiltrate data to pressure the victim into paying. The malware used by the group drew researchers’ attention due to its worm-like lateral movement capabilities. The Gentlemen’s website lists more than 500 alleged victims at the time of writing.
Written By Eduard Kovacs