Tripod Farmers Group (Tripod Farmers) is an Australian, family-owned salad and vegetable producer that specialises in providing fresh produce to independent and wholesale grocers.
Late last month, Tripod Farmers was listed online by the Qilin ransomware group. According to threat feeds observed by Cyber Daily, the incident occurred around 17 February 2026, suggesting that the threat actor has had access for an extended period.
While the listing is no longer available online, Qilin initially shared samples of data it allegedly stole. However, Cyber Daily has been unable to observe the claims in detail.
Speaking with Cyber Daily, Tripod Farmers confirmed it had launched an investigation into the incident.
“Tripod Farmers is investigating a cyber incident involving unauthorised access to a portion of our systems,” the statement said.
“This has not impacted our regular production capabilities or our obligations to our customers.
“As soon as we became aware of this, we began work to contain the incident and ensure the broader security of our network.”
The company added that it was investigating the Qilin listing as part of its investigation, but did not name the threat actor specifically. It also said that personal information may have been compromised in the incident.
“We are aware that an unknown third party has named Tripod Farmers online and disclosed data it claims was taken from our systems. This forms part of our ongoing investigation, and we have monitoring in place to detect any further activity,” the company said.
“As our investigation progresses, we are contacting individuals whose personal information may have been impacted, where required.
“Tripod Farmers is working with experts from across the cyber security industry as part of our response and has been liaising with the Office of the Australian Information Commissioner (OAIC).
“Since discovering the incident, we have also implemented additional security measures to further strengthen our systems and help prevent recurrence.”
Who is Qilin?
Qilin has claimed 1,903 victims since it was first observed in 2022, spread across 98 countries. It is currently the most active ransomware operation in existence.
The group operates under a ransomware-as-a-service model, with affiliates gaining access to its ransomware infrastructure in return for a cut of any ransom payments.
While many similar groups operate on far shorter timelines, Qilin and its affiliates can take months to publish stolen data. In some cases, victims listed at the beginning of 2026 have still not seen their data published online.
Similarly, while some affiliates will publish complete details of their activities, including the volume of data stolen and screenshots of evidence, others post minimal information, often not going into any detail regarding the data and its contents.
Want to see more stories from trusted news sources?Make Cyber Daily a preferred news source on Google.
