Ransomware Attack Shuts Down Mills of Australia’s Second-Largest Sugar Producer
Mackay Sugar, Australia's second-largest raw sugar producer, was targeted in a ransomware attack by the threat group known as The Gentlemen. The attack forced the shutdown of some of its mills, impacting operations at two of the three cane-processing mills in Queensland. The company has been restoring affected systems and has resumed limited manual operations at one mill. The ransomware group has listed Mackay Sugar as a victim but has not leaked any data. It is unclear if industrial control systems were directly compromised. The Gentlemen group uses malware with worm-like lateral movement and exfiltrates data to pressure victims.
AI Analysis
Technical Summary
The ransomware attack against Mackay Sugar was carried out by The Gentlemen (also tracked as Storm-2697), a cybercriminal group active since mid-2025. The attack encrypted files and exfiltrated data to coerce payment. The incident disrupted operations at two of Mackay Sugar's three mills, forcing shutdowns and halting cane processing and logistics systems. Restoration efforts are ongoing, with partial manual operations resumed. No data leaks have been confirmed, and it remains unclear whether operational technology or industrial control systems were compromised. The Gentlemen group is known for malware with worm-like lateral movement capabilities and maintains a victim list exceeding 500 entities.
Potential Impact
The ransomware attack caused operational disruption by shutting down two of Mackay Sugar's mills, affecting cane supply, harvesting, and processing. This led to halted acceptance of new cane and reliance on interim manual processes. No confirmed data leaks or compromises of industrial control systems have been reported. The incident impacted a critical agricultural production facility in Australia, potentially affecting supply chains and business continuity.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Mackay Sugar is actively restoring affected systems and has implemented interim manual processes to minimize disruption. There is no public information on patches or fixes related to this ransomware attack. Organizations should monitor official communications from Mackay Sugar and cybersecurity authorities for updates and recommended actions.
Ransomware Attack Shuts Down Mills of Australia’s Second-Largest Sugar Producer
Description
Mackay Sugar, Australia's second-largest raw sugar producer, was targeted in a ransomware attack by the threat group known as The Gentlemen. The attack forced the shutdown of some of its mills, impacting operations at two of the three cane-processing mills in Queensland. The company has been restoring affected systems and has resumed limited manual operations at one mill. The ransomware group has listed Mackay Sugar as a victim but has not leaked any data. It is unclear if industrial control systems were directly compromised. The Gentlemen group uses malware with worm-like lateral movement and exfiltrates data to pressure victims.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The ransomware attack against Mackay Sugar was carried out by The Gentlemen (also tracked as Storm-2697), a cybercriminal group active since mid-2025. The attack encrypted files and exfiltrated data to coerce payment. The incident disrupted operations at two of Mackay Sugar's three mills, forcing shutdowns and halting cane processing and logistics systems. Restoration efforts are ongoing, with partial manual operations resumed. No data leaks have been confirmed, and it remains unclear whether operational technology or industrial control systems were compromised. The Gentlemen group is known for malware with worm-like lateral movement capabilities and maintains a victim list exceeding 500 entities.
Potential Impact
The ransomware attack caused operational disruption by shutting down two of Mackay Sugar's mills, affecting cane supply, harvesting, and processing. This led to halted acceptance of new cane and reliance on interim manual processes. No confirmed data leaks or compromises of industrial control systems have been reported. The incident impacted a critical agricultural production facility in Australia, potentially affecting supply chains and business continuity.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Mackay Sugar is actively restoring affected systems and has implemented interim manual processes to minimize disruption. There is no public information on patches or fixes related to this ransomware attack. Organizations should monitor official communications from Mackay Sugar and cybersecurity authorities for updates and recommended actions.
Technical Details
- Article Source
- {"url":"https://www.securityweek.com/ransomware-attack-shuts-down-mills-of-australias-second-largest-sugar-producer/","fetched":true,"fetchedAt":"2026-06-15T15:30:15.362Z","wordCount":1140}
Threat ID: 6a301a870b89be68883eff50
Added to database: 6/15/2026, 3:30:15 PM
Last enriched: 6/15/2026, 3:30:24 PM
Last updated: 6/15/2026, 5:52:26 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.