- An Australian mining firm, Avenira Limited, just got listed on a darknet leak site by someone tied to the INC Ransom group.
- The hackers are claiming they stole around a terabyte of data from Avenira, including private internal docs and contracts.
- Avenira hasn’t said anything about the attack or if it has impacted their operations in any way.

A mining company in Western Australia got hit with a big ransomware attack. Some of their confidential data is reportedly being held for ransom on the dark web.
The Details of the Attack
An affiliate of the INC Ransom group posted about the breach on December 16. They claimed to have removed about a terabyte of data from Avenira’s systems. The hackers said they took “quite a few NDAs” or non-disclosure agreements. To prove their claim, they released a small batch of stolen files.
An internal memorandum is reportedly among the leaked files. Attackers also took mineral exploration reports. Confidentiality agreements and signed correspondence are in the data dump, too. A signed non-disclosure agreement with another mining company was part of the leak. The attackers have not stated their ransom demand or a payment deadline.
The attackers indicated that they might release more data. Avenira’s headquarters is in Perth, and the company also has an office in West Perth.
We’re watching a few of Avenira’s major projects—like the Jundee Project in Western Australia and the Wonarah Phosphate Project up in the Northern Territory. Right now, Avenira hasn’t said a word about the rumored ransomware attack, and they’re not answering any questions from reporters. No one really knows yet what this means for their operations or their finances.
The Hacker Group’s Profile
The group responsible for the attack is called INC Ransom. They’ve been around since August of last year, and they claim they’ve hit hundreds of people all over the world. The group uses spear-phishing to gain initial access. They employ a “double-extortion” method. This means they steal data before encrypting the victim’s systems.
Victims face both operational disruption and data privacy risks. They are pressured to pay twice: to unlock data and prevent its publication. This group has now claimed 16 Australian organizations, highlighting a relentless focus on the region that also recently saw a separate cybercriminal group claim a major breach of sensitive Australian naval programs. Another recent victim was textile supplier Instyle, listed in early December.
The Continuous Attacks on the Mining Sector
This is not the first time such attacks have hit the mining industry in Australia. Last year, Evolution Mining Limited confirmed that it experienced a ransomware attack, too.
They brought in some outside experts to check it out. Evolution Mining confirmed that it had contained the incident. They prioritized personnel safety and system integrity. The company experienced no substantial operational impact.
Research shows 40% of Australian organizations faced a ransomware attack last year. Attackers targeted nearly half of the victims more than once.
About a third of affected organizations chose to pay a ransom. Alarmingly, 41% of those payments exceeded US$250,000. In Australia and New Zealand, 85% of organizations reported a cyber incident. This is higher than the 76% global average.
Nearly three-quarters of ransomware victims paid the ransom to prevent attackers from leaking their data. Most engaged external negotiators.
Fewer than half secured a reduction in the initial ransom demand. These trends directly affect cyber insurance. Insurers are now closely watching sectors like mining. They are adjusting pricing, coverage terms, and required security controls. This rising pressure on law enforcement has led to notable counter-operations, such as the recent FBI disruption of a dark web operation linked to the Qantas hack.