Mackay Sugar, recognized as Australia’s second-largest producer of raw sugar, has encountered significant operational disruptions following a ransomware attack. This cyber incident, which compelled the company to halt operations at several of its mills, was disclosed on June 10.
Initial Response to Cyber Threat
The company promptly addressed the situation by implementing temporary measures to sustain essential business functions and mitigate potential interruptions. Mackay Sugar, operating three key cane-processing facilities in Queensland, revealed that the cyberattack specifically impacted operations at two of these sites.
On June 12, the company resumed limited manual operations at one of the affected mills to process sugarcane harvested prior to the attack. Although some activities had restarted under controlled conditions, crucial supply and logistics systems were still being restored, and no new cane was being accepted for processing as of that date.
Progress in System Restoration
By June 15, Mackay Sugar reported substantial advancements in restoring its systems, vital for cane supply, harvesting, and mill operations. The company is currently conducting steam trials and anticipates some harvesting activities will recommence shortly, preparing for a phased restart of full crushing operations within the week.
Mackay Sugar has advised growers and harvesters to delay their operations until further notice, ensuring all systems are thoroughly validated before a complete return to normalcy.
Cybercriminal Group Involvement
The Gentlemen ransomware group has claimed responsibility for the attack, listing Mackay Sugar among its victims on a Tor-based site as of June 15. However, no data leaks have yet been reported. It remains unclear whether the attack compromised industrial control systems or was limited to IT infrastructure alone.
Tracked by Microsoft as Storm-2697, the Gentlemen group has been active since mid-2025, employing malware that encrypts files and exfiltrates data to coerce victims into paying ransoms. This malware is notable for its ability to move laterally within networks, drawing attention from cybersecurity researchers.
The Gentlemen group’s website reportedly lists over 500 targets, an indication of how widely the group has been operating.
