Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Global company EDL has detected no evidence of compromise after being listed by the Sinobi ransomware group.
The Sinobi ransomware group, another relative newcomer to the cyber crime scene, has listed an Australia-headquartered producer of sustainable energy as one of its first victims on its darknet leak site.
The hackers listed EDL, which operates power stations in Australia and around the world, on 9 August.
Sinobi, which was first observed in early July this year, shared little else about the hack other than a description of the victim and its revenue, and it did not provide any evidence of a successful intrusion.
EDL has confirmed it is aware of Sinobi’s claims, but it cannot find any evidence to back them up.
“On 13 August 2025, EDL became aware of claims regarding a potential cyber security ransomware incident involving our systems,” an EDL spokesperson told Cyber Daily.
“Following a thorough investigation by our internal security team, supported by independent cyber security experts, we can confirm that at this stage, no indicators of compromise have been detected within EDL’s current systems. All EDL’s global sites continue to operate safely and without impact.
“EDL takes all cyber security incidents very seriously and acts immediately to verify the integrity, confidentiality, and availability of our systems and data.”
Sinobi has listed a total of 16 victims since early July, and it claims to have published the data of several, although Cyber Daily has not been able to confirm this, as the links to the disclosed data appear to be dead. The group has published sample documents for one of its victims, and on some listings, there is a countdown to disclosure.
Cyber Daily has seen what is alleged to be a copy of Sinobi’s ransom note; however, it follows similar lines to many other ransomware actors.
“As you can see you have been attacked by us! We offer you to make a deal with us. all you need to do is contact us by following the instructions below,” Sinobi’s note said.
“We are not politically motivated group, we are interested only in money, we always keep our word. You have a possibility to decrypt your files and save your reputation in case we find good solution!
“You have to know we do not like procrastination. You have seven days to come to the chat room and start negotiations.”
The note provides instructions on how to go about contacting the group and engaging in negotiations, and it does not appear to be composed by a native English speaker.
As noted by threat intelligence platform DarkFeed, Sinobi’s site at launch bore a striking resemblance to the leak site of the Lynx ransomware group.
“Interestingly, the Sinobi leak site is an almost identical copy of the site used by the Lynx ransomware group,” DarkFeed said in a 5 July post to X.
“This launch comes at a time when Lynx’s attack activity has dropped significantly over the past few weeks. It’s worth watching closely to see whether this striking resemblance signals a connection between the two groups …”
EDL operates 81 power and gas facilities globally and employs 608 people.
Cyber Daily will continue to monitor this story.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
