An Australian environmental management firm with a global footprint has found itself listed as a victim of the INC Ransom ransomware group.
The hackers listed the Victoria-based Earth Systems in a 7 May post to their darknet leak site, claiming to have stolen at least 600 gigabytes of company data, including, according to INC Ransom, “full corp data nda client contract project” information.
Over the last few days, INC Ransom – or, more accurately, one of its affiliates – has suggested the data will be published in three parts. The size of the second and third parts has not yet been revealed.
No ransom demand has been published, but the apparent deadline is within 12 days.
What INC Ransom has published, however, are more than a dozen document scans and screenshots of file directories. The documents include several invoices, company correspondence, impact assessments of various mining projects, and subcontractor work authorisations.
Several other global entities, particularly in the mining sector, are mentioned in the documents.
Cyber Daily has reached out to Earth Systems for comment, but has yet to receive a response.
Who is INC Ransom?
INC Ransom was first observed in August 2023 and has claimed 798 victims since then. The group has risen in recent weeks from the fifth-most active ransomware actor on the planet to the number four ranking, suggesting a surge in activity.
The group is a ransomware-as-a-service operation, offering its ransomware expertise to affiliates in return for a cut of any profits.
The group has been observed using spear-phishing tactics to gain initial access and double-extortion techniques to pressure its victims, meaning it exfiltrates data from a victim’s network before encrypting it in place.
The victim must then pay a ransom not only to recover the data encrypted on its own systems but also to ensure that it is not published to the darknet or sold to another threat actor.
INC Ransom’s most recent Australian victim was the Bendigo & District Aboriginal Co-operative, which fell victim to the hackers in April.
Who is Earth Systems?
Earth Systems has its head office in Port Melbourne, Victoria, but has further offices in Africa, Asia, and Europe, as well as an office in Brisbane.
According to the company website, “Earth Systems provides high-quality services and solutions in the areas of environmental and social impact assessment, climate change, water management and treatment, ecology, energy and carbon efficiency, waste management and resource efficiency, community engagement, and stakeholder consultation.”
The company provides services to the mining, oil and gas, infrastructure, water and wastewater, and urban and rural development sectors.
Want to see more stories from trusted news sources?Make Cyber Daily a preferred news source on Google.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.