SecurityWeek

Ransomware Attack Shuts Down Mills of Australia’s Second-Largest Sugar Producer


Mackay Sugar, a major Australian sugar producer, has been targeted in a ransomware attack that forced it to shut down some of its mills.

The hacker attack came to light on June 10, when Mackay Sugar announced it was responding to a cybersecurity incident affecting some of its operations.

“Interim processes are in place to support critical business functions and minimise disruption where possible,” the company said at the time.

Mackay Sugar operates three cane-processing mills in Queensland and is Australia’s second-largest raw sugar producer.

The cyberattack appears to have impacted operations at two of the mills, but the company announced on June 12 that it had “recommenced a limited manual crushing operation” at one mill to process cane harvested prior to the incident. 

“While some operations have resumed in a controlled manner, key cane supply and logistics systems remain subject to ongoing restoration and no additional cane is being accepted at our mills at this stage,” Mackay Sugar said on June 12.

In its latest update, shared on June 15, the company said it’s still responding to the incident. 

“Significant progress has been made over the weekend in restoring the systems that support cane supply, harvesting and mill operations,” Mackay Sugar stated.

It added, “Steam trials are now underway, and subject to final validation activities, some harvesting is expected to recommence this week in preparation for the staged restart of crushing operations later this week. We have taken the responsible course of action in advising growers and harvesters not to recommence harvesting until we advise them to do so.”

The Gentlemen ransomware group named Mackay Sugar on its Tor-based website on June 15, but it has yet to leak any data.

Mackay Sugar’s updates do not provide any information on potential data compromise.

It’s also unclear whether the hackers reached industrial control systems (ICS) or other operational technology (OT), or whether such systems were indirectly affected by the hacking of IT systems. 

The Gentlemen group, tracked by Microsoft as Storm-2697, has been around since mid-2025. The cybercriminals use malware to encrypt files on compromised systems and exfiltrate data to pressure the victim into paying. 

The malware used by the group drew researchers’ attention due to its worm-like lateral movement capabilities.

The Gentlemen’s website lists more than 500 alleged victims at the time of writing. 
