New Ransomware Group M3rx Targets Australian Firm, Steals 100GB of Data
A recently emerged ransomware group, M3rx, has claimed its latest victim: Prime Properties, a Sydney-based property investment and management consultancy firm. The group listed the company on its darknet leak site on April 29, alleging it exfiltrated 100GB of data, comprising at least 81,000 files.
Neither M3rx nor Prime Properties has disclosed a ransom demand, payment deadline, or evidence of the breach. The company has not responded to requests for comment.
About M3rx
First observed this week, M3rx is one of several new ransomware operations active in 2024. Since its debut, the group has claimed eight victims across England, the U.S., Australia, Germany, Italy, and Switzerland. Limited intelligence from IBM X-Force Exchange indicates that its ransomware variant uses:
- A PE32+ x64 Go-based executable with an embedded configuration.
- X25519 key exchange and AES-CTR/AES-GCM encryption, appending a .8hmlsewu extension to encrypted files.
- A ransom note (RECOVERY_NOTES.TXT) threatening to publish the stolen data unless a Bitcoin payment is made following negotiation.
- Post-encryption behaviors, including Recycle Bin clearing and self-deletion via PowerShell.
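The file-system indicators in the list above can be turned into a simple triage check. The following is an added example, not code from IBM X-Force Exchange or the original article: it scores hosts by bursts of files gaining the .8hmlsewu extension and by RECOVERY_NOTES.TXT drops. The log format (timestamp, host, action, path), the host names, the events, and the 60-second/3-file threshold are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Indicators taken from the bullet list above.
ENCRYPTED_EXT = ".8hmlsewu"
RANSOM_NOTE = "recovery_notes.txt"

# Constructed sample events (not real telemetry): timestamp, host, action, path.
SAMPLE_EVENTS = r"""
2024-05-02T02:14:01 FS01 RENAME C:\Shares\leases\q1.xlsx.8hmlsewu
2024-05-02T02:14:02 FS01 RENAME C:\Shares\leases\q2.xlsx.8hmlsewu
2024-05-02T02:14:02 FS01 CREATE C:\Shares\leases\RECOVERY_NOTES.TXT
2024-05-02T02:14:03 FS01 RENAME C:\Shares\plans\site map.pdf.8hmlsewu
2024-05-02T02:14:05 FS01 RENAME C:\Shares\plans\lot 7.dwg.8hmlsewu
2024-05-02T09:30:00 WS07 CREATE C:\Users\ana\Desktop\todo.txt
2024-05-02T09:31:00 WS07 CREATE C:\Triage\sample.bin.8hmlsewu
"""

def triage(text, window=timedelta(seconds=60), threshold=3):
    """Score each host by encrypted-file bursts and ransom-note drops."""
    hits = defaultdict(lambda: {"times": [], "notes": []})
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, action, path = line.split(None, 3)  # path may contain spaces
        name = path.replace("/", "\\").rsplit("\\", 1)[-1].strip().lower()
        if action in ("CREATE", "RENAME") and name.endswith(ENCRYPTED_EXT):
            hits[host]["times"].append(datetime.fromisoformat(ts))
        elif action == "CREATE" and name == RANSOM_NOTE:
            hits[host]["notes"].append(path.strip())
    report = {}
    for host, h in hits.items():
        times, peak, start = sorted(h["times"]), 0, 0
        # Sliding window: most encrypted-file events seen inside `window`.
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        burst, note = peak >= threshold, bool(h["notes"])
        severity = "high" if burst and note else "medium" if burst or note else "low"
        report[host] = {"encrypted": len(times), "peak": peak,
                        "notes": h["notes"], "severity": severity}
    return report

if __name__ == "__main__":
    for host, finding in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, finding)
```

A single file carrying the extension, such as a sample copied for analysis, scores low; a burst combined with a note drop scores high.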
About Prime Properties
Headquartered in Sydney’s Kensington suburb, Prime Properties specializes in property investment, building management, and tailored consultancy services for small and medium-sized enterprises. The firm designs procedural systems for commercial clients, though the scope of compromised data remains unconfirmed.
M3rx’s rapid expansion and technical sophistication signal a growing threat, with further details on the attack’s impact pending.
Prime Properties Asset Management cybersecurity rating report: https://www.rankiteo.com/company/prime-properties-asset-management
"id": "PRI1777616651",
"linkid": "prime-properties-asset-management",
"type": "Ransomware",
"date": "4/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Real Estate',
'location': 'Sydney, Kensington, Australia',
'name': 'Prime Properties',
'type': 'Property Investment and Management '
'Consultancy'}],
'data_breach': {'data_encryption': 'Yes',
'data_exfiltration': 'Yes',
'number_of_records_exposed': '81,000 files'},
'date_publicly_disclosed': '2024-04-29',
'description': 'A recently emerged ransomware group, M3rx, has claimed its '
'latest victim: Prime Properties, a Sydney-based property '
'investment and management consultancy firm. The group listed '
'the company on its darknet leak site on April 29, alleging it '
'exfiltrated 100GB of data, comprising at least 81,000 files.',
'impact': {'data_compromised': '100GB of data, at least 81,000 files'},
'ransomware': {'data_encryption': 'AES-CTR/AES-GCM, appends .8hmlsewu '
'extension',
'data_exfiltration': 'Yes',
'ransomware_strain': 'M3rx'},
'references': [{'source': 'IBM X-Force Exchange'}],
'threat_actor': 'M3rx',
'title': 'M3rx Ransomware Group Targets Australian Firm Prime Properties',
'type': 'Ransomware'}