Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
A Victorian accounting firm has been listed as a ransomware victim, with internal documents posted to the dark web.
The Moonee Ponds-based accounting firm MKA Accountants has been listed as a victim on the darknet leak site of the Qilin ransomware gang.
Qilin shared evidence of the hack on 14 May, publishing 12 documents as part of its leak post, including internal correspondence, financial statements, and insurance information.
The ransomware gang did not share any details of its ransom demand or the deadline before it publishes the full dataset. Based on previous negotiations, Qilin typically scales its ransom demands to the financial status of its victims.
MKA Accountants is aware of Qilin’s claim and is actively investigating the incident.
“MKA Accountants has become aware that a third party has named our firm online alongside claims they have accessed some of our data,” a spokesperson for MKA Accountants told Cyber Daily.
“We are also aware that this unauthorised third party has also disclosed some files it claims were taken from our IT environment, and we are working to verify this as a priority.”
Out of an abundance of caution, MKA Accountants has notified its clients of the incident and will remain in touch. The Australian Cyber Security Centre and the Office of the Australian Information Commissioner have also been informed.
“If we detect that information has been impacted as a result of this incident, we will contact affected parties as required to provide support and guidance in how to respond,” MKA’s spokesperson said.
“We understand this news may cause concern to our stakeholders, and we thank them for their ongoing support as we work to resolve this as swiftly as possible.”
Qilin takes its name from a mythical Chinese creature, though members of the operation have been observed conversing in Russian on hacking forums. The gang was first observed in August 2022 and has since then claimed 442 victims, and its most recent Australian victim was steel industry provider Galvatech, which was listed on the group’s leak site in April.
The gang was also responsible for a devastating attack on the UK-based pathology services provider Synnovis Group, which impacted five London hospitals in June 2024. The attack was declared a critical incident and led to the postponement of patient procedures and operations.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
