Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
A novated lease services provider that handles government customers was hit by an alleged ransomware attack, with customer details potentially exposed.
On its darknet leak site, the Akira ransomware gang has listed a novated lease provider that works with public sector organisations and not-for-profits.
LeasePLUS, which operates out of the Melbourne suburb of Docklands, also provides novated lease services to public health organisations, charities, and other rebateable institutions.
A novated lease lets employers salary package the purchase and running costs of a car, providing savings on income tax and GST.
Akira listed LeasePLUS in a leak post dated 18 July.
“We are ready to upload six GB of corporate documents,” an Akira spokesperson said.
“Personal files of more than 2,300 people (customers and employees), NDAs, contracts and agreements, etc.”
Akira does not share any details regarding ransom demands or deadlines, but it does include something of a welcome message for victims looking to contact the hackers.
“Well, you are here. It means that you’re suffering from cyber incident right now. Think of our actions as an unscheduled forced audit of your network for vulnerabilities. Keep in mind that there is a fair price to make it all go away,” Akira’s introductory message said.
“Do not rush to assess what is happening – we did it to you. The best thing you can do is to follow our instructions to get back to your daily routine, by cooperating with us you will minimise the damage that might be done.”
Akira’s initial demands can range from as low as US$100,000 to as high as US$4 million, though the gang is willing to negotiate with its victims to come to an accommodation. This process often leads to a dramatic decrease in ransom demand, though the negotiation process can be rough.
The gang was first observed in March 2023 and has since claimed hacks on a total of 874 victims, making it one of the most active ransomware groups currently in operation. Its most recent Australian victim was steel contractor Watkins Steel, which was listed by Akira in May 2025.
LeasePLUS has yet to respond to Cyber Daily’s request for comment.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
