Earth Systems: Exclusive: Aussie firm Earth Systems listed by INC Ransom hacking group

INC Ransom Strikes Australian Environmental Firm Earth Systems, Steals 600GB of Sensitive Data

The INC Ransom ransomware group has claimed responsibility for a cyberattack on Earth Systems, an Australian environmental management firm with a global presence. On May 7, the hackers listed the Victoria-based company on their darknet leak site, alleging they exfiltrated at least 600GB of data, including corporate records, client contracts, and project details under non-disclosure agreements (NDAs).

The threat actors have begun releasing samples of the stolen data, which include invoices, internal correspondence, mining project impact assessments, and subcontractor work authorizations. Several other global entities, particularly in the mining sector, are referenced in the exposed documents. INC Ransom has indicated the data will be published in three parts, though the sizes of the remaining batches remain undisclosed. While no ransom demand has been made public, the group has set an apparent 12-day deadline for payment.

About INC Ransom
First observed in August 2023, INC Ransom operates as a ransomware-as-a-service (RaaS) group, providing its malware to affiliates in exchange for a share of profits. The group has rapidly climbed the ranks of active ransomware actors, rising from fifth to fourth place in recent weeks. Known for double-extortion tactics, INC Ransom steals data before encrypting victims’ systems, demanding payment to prevent public leaks or resale. Initial access is often gained through spear-phishing attacks. Their most recent Australian victim was the Bendigo & District Aboriginal Co-operative in April.

About Earth Systems
Headquartered in Port Melbourne, Victoria, Earth Systems provides environmental and social impact assessment, climate change mitigation, water management, and resource efficiency services to industries including mining, oil and gas, infrastructure, and urban development. The firm operates offices across Africa, Asia, and Europe, as well as in Brisbane, serving multinational clients in high-stakes sectors.

As of publication, Earth Systems has not responded to requests for comment. The incident underscores the growing targeting of environmental and resource-sector firms by ransomware groups, with potential implications for client confidentiality and operational security.

Source: https://www.cyberdaily.au/security/13582-exclusive-aussie-firm-earth-systems-listed-by-inc-ransom-hacking-group

Earth Systems cybersecurity rating report: https://www.rankiteo.com/company/earth-systems

"id": "EAR1778567199",
"linkid": "earth-systems",
"type": "Ransomware",
"date": "5/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"

{'affected_entities': [{'industry': 'Environmental and social impact '
                                    'assessment, climate change mitigation, '
                                    'water management, resource efficiency',
                        'location': 'Port Melbourne, Victoria, Australia (with '
                                    'offices in Africa, Asia, and Europe)',
                        'name': 'Earth Systems',
                        'type': 'Environmental management firm'}],
 'attack_vector': 'Spear-phishing',
 'data_breach': {'data_exfiltration': 'Yes',
                 'sensitivity_of_data': 'High (confidential client data, NDAs)',
                 'type_of_data_compromised': ['Corporate records',
                                              'Client contracts',
                                              'Project details under NDAs',
                                              'Invoices',
                                              'Internal correspondence',
                                              'Mining project impact '
                                              'assessments',
                                              'Subcontractor work '
                                              'authorizations']},
 'date_publicly_disclosed': '2024-05-07',
 'description': 'The INC Ransom ransomware group has claimed responsibility '
                'for a cyberattack on Earth Systems, an Australian '
                'environmental management firm with a global presence. The '
                'hackers exfiltrated at least 600GB of data, including '
                'corporate records, client contracts, and project details '
                'under non-disclosure agreements (NDAs). The threat actors '
                'have begun releasing samples of the stolen data, which '
                'include invoices, internal correspondence, mining project '
                'impact assessments, and subcontractor work authorizations. '
                'Several other global entities, particularly in the mining '
                'sector, are referenced in the exposed documents. INC Ransom '
                'has indicated the data will be published in three parts, '
                'though the sizes of the remaining batches remain undisclosed. '
                'While no ransom demand has been made public, the group has '
                'set an apparent 12-day deadline for payment.',
 'impact': {'brand_reputation_impact': 'Potential impact on client '
                                       'confidentiality and operational '
                                       'security',
            'data_compromised': '600GB'},
 'motivation': 'Financial gain (double-extortion)',
 'ransomware': {'data_encryption': 'Yes (implied by ransomware attack)',
                'data_exfiltration': 'Yes',
                'ransomware_strain': 'INC Ransom'},
 'references': [{'source': 'Cyber incident report'}],
 'threat_actor': 'INC Ransom',
 'title': 'INC Ransom Strikes Australian Environmental Firm Earth Systems, '
          'Steals 600GB of Sensitive Data',
 'type': 'Ransomware'}