Australian Sugar Producer Grapples with Gentlemen Ransomware Attack
Australia's second-largest sugar producer, **Mackay Sugar**, is actively investigating claims made by the **Gentlemen** ransomware group following a cyberattack that disrupted its operations. The incident, which began earlier this month, forced the shutdown of two key sugar mills, halting the annual sugarcane crushing season across a major cane-growing region.
More than a week after a significant cyberattack, **Mackay Sugar** is working to restore its systems while verifying claims from the **Gentlemen** ransomware group.
The company has acknowledged that an external party accessed parts of its IT environment and is urgently working to verify the nature and extent of any information that may have been accessed.
### Operational Disruptions and Recovery Efforts
The cyberattack, which occurred on June 10, forced the immediate suspension of operations at **Mackay Sugar**'s Racecourse and Farleigh mills. This disruption brought the annual sugarcane crushing season to a standstill across large parts of Queensland's Mackay region.
A third facility avoided disruption because it was not operational at the time. The company expects some harvesting to resume this week. **Mackay Sugar** emphasized its commitment to supporting growers and safely resuming full operations as soon as possible.
### The Gentlemen Ransomware Group
The **Gentlemen** ransomware group has claimed responsibility for the attack, threatening to publish allegedly stolen data if a ransom is not paid. The group has yet to disclose the specific information it claims to have obtained or its demands, and **Mackay Sugar** has not confirmed any contact with the attackers.
Australian law requires victims of ransomware attacks to report to the government any extortion payments they make to cybercriminals.
According to cybersecurity firm **ESET**, **Gentlemen** emerged in late 2025 and has quickly become one of the most active ransomware operations this year. The group operates under a ransomware-as-a-service (RaaS) model, offering affiliates a substantial percentage (up to 90%) of ransom payments. It also employs double-extortion tactics, both encrypting systems and exfiltrating data.
Researchers note that the group's operators have prior experience with other prominent ransomware operations, including **Qilin**, **Embargo**, **LockBit**, **Medusa**, and **BlackLock**. While the group's exact origins remain unknown, security researchers have found evidence suggesting its founder is a Russian speaker.