Threat actors have claimed a ransomware attack on Australian engineering firm Thornton Engineering.
The Akira ransomware gang listed Thornton Engineering on its dark web leak site on 24 February, claiming to have exfiltrated personal and business data.
“We are ready to upload more than 11 GB of essential corporate documents such as: contact numbers and email addresses of employees and customers, financial data (audits, payment details, reports), etc,” said the ransomware group.
Cyber Daily has observed that Thornton Engineering Australia is no longer listed on the group’s dark web leak site but has been unable to verify the reason for this.
Cyber Daily has contacted Thornton Engineering Australia for comment on the incident.
The Akira ransomware gang first appeared in March 2023 and is best known for targeting victims in the UK, US and Australia.
Just last week, the Akira ransomware gang claimed a cyber attack on a now-defunct Australian media company, Regency Media.
The threat actor claimed to have stolen personal data belonging to customers and employees.
“We are ready to upload more than 16 GB of essential corporate data such as: NDAs, driver’s licenses, passports, contact numbers and email addresses of employees and customers, financial data (audits, payment details, reports), etc,” said the group.
Cyber attacks on defunct firms are an often-overlooked security risk, as data frequently remains on legacy servers.
“This scenario highlights a critical challenge in cyber security: the risks posed by unmanaged legacy data when businesses shut down,” Christiaan Beek, Rapid7’s senior director of threat analytics, told Cyber Daily.
“Even after closure, sensitive data often remains on servers or cloud systems that can become easy targets for attackers, especially if they’re no longer monitored or secured.”
Cyber Daily has been unable to verify the legitimacy of the data theft claims.