Documents from four Australian victims and one Kiwi company posted online include passport scans, medical data, and airport construction project details.
After going on an absolute tear against companies in the ANZ region, the RansomHub ransomware gang has followed through on its threats and published more than four terabytes of data belonging to Australian companies on its darknet leak site.
By far, the largest data dump belongs to Victorian firm Kempe Engineering, which the gang claimed to have hacked on 7 August. RansomHub claimed to have stolen four terabytes from Kempe alone and has now published 40 discrete folders of data belonging to the engineering firm.
The information includes project data, such as a folder labelled “wacorp” that appears to outline the company’s operations and projects in Western Australia, while another contains a large collection of invoices and credit card receipts. Spread among the data are also dozens of passport scans and numerous lists of emergency contact numbers.
Kempe did not respond to Cyber Daily when asked to comment on the ransomware gang’s claims and has remained quiet to date.
McDowall Affleck, another engineering firm, confirmed it was the victim of a ransomware attack on 2 August after RansomHub claimed the attack the day before. RansomHub has now shared all 470 gigabytes of data stolen in the attack, including details of many engineering projects and extensive human resources information – COVID-19 vaccination details, birthdays, employee review data, and employment contracts and salary details.
Tasmanian firm Hudson Civil Engineering, which RansomHub claimed to have attacked on 7 August as well, lost 112 gigabytes to the ransomware gang, and that too has now been posted online.
The data includes a raft of admin information, including emergency contact details, employment contracts, and other employee data. Also included are tender documents for projects with local and state governments. In particular, the data breach contains tenders and project plans for Burnie Airport and Hobart International Airport.
Hudson Civil Engineering did not respond to Cyber Daily’s request for comment.
RansomHub also published three gigabytes of data the gang claims was stolen from Sydney-based jewellery store Pierre Diamonds. The gang claimed the hack on 6 August, and while Pierre Diamonds did not respond to Cyber Daily’s request for comment, RansomHub has published the data, which appears to largely be website code – and the instructions for a wall-mounted coffee machine.
Go RansomHub, or that particular affiliate, at least, given the gang hires out its services to other hackers.
The gang also published 32 gigabytes of data it claimed to have stolen from New Zealand design outlet Allium Interiors on 8 August. Again, there appears to be a large amount of code for the store’s online portal, but most of the data is in a zipped archive.
For now, however, RansomHub’s dark web infrastructure seems unable to handle downloading the zip file, making it difficult to ascertain the nature of the stolen material.
Allium Interiors did not respond to Cyber Daily’s request for comment.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.