Goodline, an Australian firm specializing in engineering, construction, and maintenance services, has confirmed it was the victim of a cyberattack by the RansomHub threat group. The breach occurred on September 17, 2024, when the attackers gained access to Goodline’s network using stolen company credentials. The threat group claimed responsibility for the attack, asserting that it exfiltrated 600 gigabytes of data. However, Goodline’s executive manager, Catherine Kennedy, clarified that no personal data from employees or clients was compromised, as the stolen information consisted primarily of back-end data.
The company is actively investigating the breach with the assistance of cybersecurity giant CrowdStrike, which is expected to provide a comprehensive report on the incident. Despite the significant data theft, Goodline has managed to maintain operations, with some temporary disruptions. Kennedy praised the resilience of her team, mentioning how they effectively continued payroll processes manually during the system outages. Major clients, including mining giant Rio Tinto, have been notified of the incident.
RansomHub, a notorious ransomware group, has been linked to several cyberattacks targeting Australian organizations in recent months. The group initially listed Goodline on its darknet leak site on September 18, offering only minimal details about the attack. No ransom amount was specified, but a seven-day deadline was given for payment. The data taken in the attack included internal documents, financial information, and sensitive company details, though RansomHub has yet to release any of this data publicly.
While Goodline continues to manage the aftermath of the attack, the ongoing threat of further data exposure remains. RansomHub has already made similar demands in other Australian cyberattacks, including a breach of the Australian interior solutions firm Nikpol. Goodline has reinforced its cybersecurity measures, while CrowdStrike’s investigation aims to uncover more about the scope of the breach and the attackers’ tactics. The firm’s quick response, along with its transparency in notifying affected parties, highlights the importance of proactive cybersecurity strategies in defending against such advanced persistent threats.
Reference: