**Netstar Australia Hit by Black Shrantac Ransomware Group in First Australian Attack**
Melbourne-based technology firm Netstar Australia, a provider of tailored GPS fleet tracking and telematics solutions, has been targeted by the Black Shrantac ransomware group, which claims to have breached its network and exfiltrated sensitive data. The threat actor listed Netstar on its dark web leak site, alleging the theft of customer data, financial records, and databases—totaling 800 GB—which it threatens to publish "soon."
Samples posted by Black Shrantac include business documents containing staff details, tax records, equipment logs, customer information, bank account numbers, addresses, emails, phone numbers, contract details, and insurance data. While the full dataset has not yet been released, the group has a history of sharing extensive proof-of-breach material.
Black Shrantac, a ransomware operation first detected in September 2025, has rapidly expanded its victim list, targeting 26 organizations worldwide, including entities in the U.S., Turkey, Indonesia, India, Peru, and Bulgaria. Netstar Australia marks the group’s first confirmed Australian victim. Unlike many ransomware groups, Black Shrantac lacks a public "about" page, leaving its operations largely opaque. However, its ransom notes reportedly warn victims that their data has been both stolen and encrypted, with instructions to avoid modifying or restarting devices to prevent decryption failures.
Netstar Australia has not publicly confirmed the breach, and further details remain unconfirmed as the company has yet to respond to inquiries. The incident underscores the growing threat posed by emerging ransomware groups leveraging double-extortion tactics—combining data theft with encryption to pressure victims into paying ransoms.
Netstar Australia cybersecurity rating report: https://www.rankiteo.com/company/netstar-australia
"id": "NET1766440959",
"linkid": "netstar-australia",
"type": "Ransomware",
"date": "12/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Telematics, GPS Fleet Tracking',
'location': 'Melbourne, Australia',
'name': 'Netstar Australia',
'type': 'Technology Company'}],
'data_breach': {'data_encryption': 'Implied (ransomware note mentions '
'encryption)',
'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes (names, bank '
'account details, '
'addresses, emails, '
'phone numbers)',
'sensitivity_of_data': 'High (PII, bank account details, '
'addresses, emails, phone numbers)',
'type_of_data_compromised': ['Customer data',
'Financial data',
'Databases',
'Business documents',
'Staff details',
'Tax information',
'Equipment details',
'Contract details',
'Insurance details']},
'description': 'Melbourne technology firm Netstar Australia was listed on the '
'dark web by the Black Shrantac ransomware group, which claims '
'to have breached its network and stolen data, including '
'customer data, financial data, and databases. The group has '
'posted samples of the stolen data and threatens to publish '
'the full 800 GB of data soon.',
'impact': {'brand_reputation_impact': 'Potential reputational damage',
'data_compromised': '800 GB',
'identity_theft_risk': 'High (PII exposed)',
'payment_information_risk': 'High (bank account details exposed)'},
'investigation_status': 'Ongoing',
'motivation': 'Extortion, Data Exfiltration',
'ransomware': {'data_encryption': 'Implied',
'data_exfiltration': 'Yes',
'ransomware_strain': 'Black Shrantac'},
'references': [{'source': 'Cyber Daily'}, {'source': 'PCRisk.com'}],
'threat_actor': 'Black Shrantac',
'title': 'Netstar Australia Data Breach by Black Shrantac Ransomware Group',
'type': 'Ransomware, Data Breach'}