Perth-based mining company Avenira Limited has reportedly fallen victim to a ransomware attack, with an affiliate of the INC Ransom group claiming to have exfiltrated roughly a terabyte of company data. The attackers have published a limited selection of documents online, including internal memos, exploration reports, and non-disclosure agreements, but have not disclosed a ransom demand or payment deadline. Avenira has yet to comment publicly on the incident.
The INC Ransom Group
Active since mid 2023, INC Ransom has rapidly gained notoriety for targeting organisations worldwide. The group typically gains entry via spear-phishing attacks and then uses a double-extortion approach, exfiltrating data before encrypting systems to pressure victims into paying not only to restore access but also to prevent stolen information from being released or sold. These are the same tactics employed by the infamous everest ransomware group, with even their sites looking very similar. In Australia alone, the INC group has publicly named 16 victims, highlighting the group’s focus on both operational disruption and sensitive data theft.
Avenira Data Breach
Avenira Limited, a mining and fertiliser project developer in Perth, was identified on a darknet leak site operated by an affiliate of the INC Ransom. This followed after an alleged ransomware intrusion. In a December 16 post, the threat actor claimed to have exfiltrated approximately one terabyte of data from Avenira’s network. To substantiate the claim, a small set of files was published, including internal memoranda, mineral exploration reports, confidentiality agreements, and what appears to be a signed non‑disclosure agreement involving another mining entity. At the time of the disclosure, the attackers had not revealed a ransom figure or set a deadline for payment, and Avenira had not issued a public response or detailed whether there has been any operational disruption or financial impact.
Hackers Demands
As of now, the darknet leak site operated by INC Ransom’s affiliate does not display any ransom demands or explicit threats to release additional data, nor is there a visible countdown, which is atypical for this type of attack. While the public-facing page provides proof of the breach through a limited selection of documents, there is no information available regarding the financial terms or deadlines. It is likely, however, that the group has communicated a ransom demand directly to Avenira in private, though no details of such negotiations have been disclosed at this time.
Conclusion
The Avenira Limited breach highlights a broader trend in cyberspace, where ransomware groups operate with a global, opportunistic approach, targeting any vulnerability they can find across industries and regions. Rather than focusing on specific sectors, these groups seek to exploit any weakness in corporate networks, often using double-extortion tactics to maximize pressure on victims. Incidents like this illustrate how the digital landscape is shifting: cybercriminals are increasingly organized, persistent, and willing to leverage sensitive data as leverage, emphasizing the need for companies worldwide to adopt robust security measures, constant monitoring, and rapid incident response strategies.
0 Comments