INC Ransom Claims Cyberattack on Australian Engineering Firm Metaval, Threatens Data Leak
The INC Ransom ransomware group has listed Australian engineering firm Metaval on its dark web leak site, alleging a cyberattack and threatening to publish 80GB of stolen data within days. Metaval, a global provider of heavy-duty industrial equipment and precision-engineered components, operates across Australia, the UAE, and India, serving critical infrastructure sectors.
The group claims the exfiltrated data includes contracts, financial records, confidential business information, customer data, incident reports, and HR files, though no proof has been provided. Cyber Daily has contacted Metaval for confirmation but has not yet received a response.
INC Ransom, a ransomware-as-a-service (RaaS) operation, has rapidly climbed to the fourth-most active ransomware group globally, with 804 claimed victims since its emergence in August 2023. The group employs double-extortion tactics, stealing and encrypting data to pressure victims into paying ransoms to prevent leaks. Recent targets include Melbourne-based environmental firm Earth Systems, from which INC Ransom claimed to have stolen 600GB of data.
The group typically gains initial access through spear-phishing attacks, underscoring the ongoing threat to industrial and critical infrastructure sectors.
Metaval TPRM report: https://www.rankiteo.com/company/metavalglobal
Earth Systems TPRM report: https://www.rankiteo.com/company/reinforced-earth-australia
"id": "reimet1779231752",
"linkid": "reinforced-earth-australia, metavalglobal",
"type": "Ransomware",
"date": "5/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Industrial Equipment / Critical '
'Infrastructure',
'location': ['Australia', 'UAE', 'India'],
'name': 'Metaval',
'type': 'Engineering Firm'}],
'attack_vector': 'Spear-phishing',
'data_breach': {'data_encryption': 'Yes (ransomware)',
'data_exfiltration': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Contracts',
'Financial records',
'Confidential business '
'information',
'Customer data',
'Incident reports',
'HR files']},
'description': 'The INC Ransom ransomware group has listed Australian '
'engineering firm Metaval on its dark web leak site, alleging '
'a cyberattack and threatening to publish 80GB of stolen data '
'within days. Metaval, a global provider of heavy-duty '
'industrial equipment and precision-engineered components, '
'operates across Australia, the UAE, and India, serving '
'critical infrastructure sectors. The group claims the '
'exfiltrated data includes contracts, financial records, '
'confidential business information, customer data, incident '
'reports, and HR files, though no proof has been provided.',
'impact': {'data_compromised': '80GB of stolen data'},
'initial_access_broker': {'entry_point': 'Spear-phishing'},
'motivation': 'Financial gain (double-extortion)',
'ransomware': {'data_encryption': 'Yes',
'data_exfiltration': 'Yes',
'ransomware_strain': 'INC Ransom'},
'references': [{'source': 'Cyber Daily'}],
'threat_actor': 'INC Ransom',
'title': 'INC Ransom Claims Cyberattack on Australian Engineering Firm '
'Metaval, Threatens Data Leak',
'type': 'Ransomware'}