Ransomware Attack Shuts Down Mills of Australia’s Second-Largest Sugar Producer

Mackay Sugar, Australia’s second-largest raw sugar producer, announced a cybersecurity incident on June 10 that forced it to shut down operations at two of its mills in Queensland. The company implemented interim processes to maintain critical functions, though key systems like cane supply and logistics remained disrupted. By June 12, Mackay Sugar resumed limited manual crushing at one mill to process pre-incident harvested cane, but no new cane was accepted due to ongoing restoration. On June 15, the company reported progress in restoring systems, with steam trials underway and harvesting set to resume in preparation for a staged restart of crushing operations later that week. The Gentlemen ransomware group claimed responsibility on June 15, listing Mackay Sugar on its Tor-based website but not leaking any data. The group, tracked by Microsoft as Storm-2697, uses malware to encrypt files and exfiltrate data to pressure victims into paying ransoms. Mackay Sugar operates three mills in Queensland and remains cautious, advising growers and harvesters to delay operations until further notice. The company has not confirmed whether industrial control systems or operational technology were compromised, though IT systems were affected. The attack highlights ongoing risks in critical infrastructure, with The Gentlemen group previously targeting over 500 alleged victims since mid-2025. The malware used by the group is notable for its worm-like lateral movement capabilities, allowing it to spread across networks.