Food Sector Cyber Risk Exposed By Mackay Sugar Hit

A ransomware attack on Australia's second-largest sugar producer has shut two Queensland mills, the latest blow to critical infrastructure as attacks on essential industries climb.

Mackay Sugar confirmed a cyber security incident affecting parts of its operations. Milling stopped at the Farleigh and Racecourse plants near Mackay during peak crushing season.

The strike fits a widening pattern. Ransomware crews increasingly target food, energy and utilities, where downtime is costly and operators face pressure to pay.

The Food and Ag-ISAC recorded 265 ransomware attacks on the sector in 2025. Total incidents across all sectors rose 82 per cent to 6,377. 

A third Mackay Sugar mill at Marian was unaffected because it had not yet begun crushing. The company runs three mills and produces about 700,000 tonnes of raw sugar each year.

The attack forced roughly 1,300 mostly family-owned farms to stop harvesting cane. Cut cane loses sugar content quickly, so the halt threatened grower income across the region.

Mackay Sugar told growers to cease harvesting immediately and wait for further instruction. Industry body Canegrowers Mackay relayed the directive to its members.

The producer engaged specialist cyber security experts and notified authorities. It said its priorities were staff safety, protecting operational systems and maintaining business continuity.

By 12 June it restarted limited manual crushing at one mill to process cane cut before the incident. No new cane was accepted at any site.

Mackay Sugar later reported significant progress restoring cane supply, harvesting and milling systems. Steam trials began, with a staged crushing restart expected within days.

A ransomware group calling itself The Gentlemen named Mackay Sugar on its Tor-based leak site. It set a countdown timer but had not published any data.

Microsoft tracks the group as Storm-2697. Researchers describe an affiliate model, double extortion and malware that moves rapidly across networks.

It remained unclear whether attackers reached industrial control systems directly, or whether disruption followed from compromised IT systems.

Australian Operators in the Firing Line

The threat is sharpening at home. Critical infrastructure now draws sustained attention from criminals, hacktivists and state-backed actors seeking disruption and leverage.

Researchers have identified 72 active threat actors targeting food supply chains globally. Russian-linked groups account for most observed activity, followed by Chinese-linked groups.

The ACSC responded to more than 1,200 cyber security incidents in 2024-25, an 11 per cent rise. Critical infrastructure made up 13 per cent of them. 

The agency notified affected entities more than 190 times, up 111 per cent on the prior year.

From January 2026, Home Affairs shifted to active enforcement. Officials said 75 firms above $3 million turnover admitted paying ransoms in the first eight months.

 
