A newly surfaced ransomware group calling itself the Brotherhood has made headlines after claiming responsibility for a string of cyberattacks against Australian businesses. Since its emergence in October, the group has been steadily escalating its operations, with its latest victims, Kevmor Trade Supplies, Nina’s Jewellery, and Cera Stribley, becoming the latest additions to its growing list.
Brotherhood Claims Responsibility for Multiple Breaches
On November 15, the Brotherhood posted two new breaches to its dark web leak site. The first, Nina’s Jewellery, a Western Australian diamond business, had reportedly been compromised with 4.8 GB of stolen data, including stock details, financial records, and sensitive personal information of website members, such as phone numbers and email addresses.
On the same day, the group also revealed that it had attacked Cera Stribley, an architecture and design firm based in Melbourne. According to the Brotherhood’s leak post, the attackers had exfiltrated an extensive dataset, which they separated into two categories: 2 GB of "Free Files" and a substantial 138 GB of "Paid Files." Among the files, the group posted scans of government IDs — a passport and a driver’s license — both belonging to a senior employee. Additionally, the leak included project costs, invoices, and other business-related documents.
These latest breaches represent a continuation of the Brotherhood's rapid rise in the cybercriminal landscape, marking the 11th and 13th victims, respectively, since October.
Kevmor Trade Supplies: The Latest Victim
Just days after the November 15 leak, Kevmor Trade Supplies, a flooring supplier based in Belmont, Western Australia, was listed by the Brotherhood as yet another victim. According to the group, the attackers stole 45 GB of data, which included sensitive financial and payment records, spreadsheets, and other internal documents. Among the leaked files, the Brotherhood posted scans of a senior employee’s passport and driver’s license, further highlighting the group’s focus on personal and company data that could be exploited for fraudulent activities.
The group also shared a link to all the alleged exfiltrated files, which were timestamped as being from July 4, 2025. This cryptic detail has raised questions about whether the attackers intend to hold onto the data for a longer period, potentially using it as leverage for future extortion attempts or further exposure.
Shadowy Group with No Clear Motivation
Not much is known about the Brotherhood ransomware group, which remains relatively secretive despite its recent surge in activity. The group’s leak site offers minimal information beyond details of their victims and samples of the stolen data. Unlike some older ransomware groups, which may offer a rationale for their attacks or at least engage in negotiation for ransom payments, the Brotherhood seems to focus solely on leaking sensitive information as a form of pressure.
As with other new ransomware groups like The Gentlemen, the Brotherhood has made no public statements or attempts to justify its actions. The absence of a manifesto or any explanation about their motives has left many experts speculating about their objectives, with some believing that the group may be more focused on reputational damage to its victims than financial gain. This approach of exposing stolen data is increasingly becoming a hallmark of newer ransomware operations.
Growing Impact of New Ransomware Groups
The Brotherhood’s rapid escalation, coupled with its focus on both extortion and data exposure, highlights the growing threat posed by newer ransomware groups. Since its debut in October, the group has already amassed a significant list of victims, and the attacks show no signs of slowing down. This is in line with a broader trend of emerging ransomware gangs that are less concerned with direct payment and more focused on leveraging stolen data to cause lasting harm to businesses and their reputations.
0 Comments