How Did Ransomware Paralyze Australia’s Sugar Industry?
Malik Haidar has spent years navigating the high-stakes intersection of digital intelligence and corporate operations, specializing in the defense of multinational infrastructure. As an expert in integrating business strategy with cybersecurity, he has a unique vantage point on how a single breach can ripple through a global supply chain. Today, we discuss the recent ransomware attack on Mackay Sugar, Australia’s second-largest sugar producer, and the tactical shifts required when a high-tech manufacturer is forced to return to manual labor. We explore the threat posed by the “Gentlemen” hacking group and the logistical nightmare of securing critical agricultural assets during a mid-season shutdown.

When a major producer like Mackay Sugar is forced to “recommence a limited manual crushing operation,” what does that actually look like for a facility that typically relies on digital automation?

Transitioning to manual operations in a modern mill is an incredibly grueling process that feels like stepping back fifty years in time. When the digital systems at Mackay Sugar were compromised on June 10, the company had to immediately halt its three Queensland mills to prevent the infection from spreading further. By June 12, they were only able to restart “limited” crushing at one mill to process cane that had been harvested before the shutdown, which requires a massive mobilization of personnel to track logistics by hand. You are essentially replacing high-speed automated sensors with human eyes and paper logs, a shift that drastically slows down the 24-hour production cycle. It is a desperate but necessary race to process the raw material before it spoils, proving that human resilience is the final fail-safe in any industrial crisis.

The Gentlemen ransomware group, also known as Storm-2697, has reportedly listed over 500 victims on their website since mid-2025. What makes their specific malware strain so effective against large-scale industrial targets?

The Gentlemen group uses a particularly aggressive form of malware that features “worm-like lateral movement” capabilities, allowing it to hop from one computer to another without any human interaction. This is why a breach at Mackay Sugar didn’t just stay in the office; it threatened the “key cane supply and logistics systems” that keep the entire operation moving. Since they appeared on the scene in mid-2025, they have perfected a “double extortion” tactic where they exfiltrate sensitive data before encrypting the system to ensure they have maximum leverage. Their ability to quickly compromise over 500 victims suggests a highly automated and professional operation that specifically targets the “connective tissue” of a business. For a producer, the pressure to pay is immense because every hour the systems are encrypted is another hour that a perishable crop sits rotting in a field.

During the recovery phase, Mackay Sugar mentioned conducting “steam trials” and “final validation activities” before resuming full operations. Why is this validation process so critical when dealing with industrial control systems?

In an industrial environment, you cannot simply “turn the power back on” after a ransomware attack because you have no guarantee that the machinery will behave safely. The “steam trials” mentioned in the June 15 update are essential to ensure that the code controlling the physical boilers and crushers hasn’t been tampered with or corrupted. If a hacker has reached the Operational Technology (OT) side, a simple command error could lead to a catastrophic mechanical failure or an explosion. Taking the “responsible course of action” means meticulously checking every sensor and valve to ensure the “staged restart” doesn’t result in physical injury to the workers. It is a slow, methodical process that involves validating thousands of data points to reclaim trust in a compromised environment.

How does an attack like this impact the broader ecosystem of growers and harvesters who are suddenly told not to deliver their crops?

The agricultural supply chain is built on a “just-in-time” delivery model, so telling growers to stop harvesting creates a massive backlog that can disrupt the entire regional economy. By June 15, Mackay Sugar was still advising growers and harvesters to stay idle while they worked on restoring the systems that support the “cane supply” chain. This creates a terrifying financial vacuum for the farmers who have already invested in their harvest and are now watching their window of peak sugar content slowly close. The emotional toll on a community is heavy when the “second-largest” producer in the country is paralyzed, as the ripples of the “Storm-2697” attack extend far beyond the mill’s walls to the kitchen tables of every farm family. It highlights a critical vulnerability where a few lines of malicious code can essentially hold an entire harvest hostage.

What is your forecast for ransomware threats targeting the agricultural and food production sectors over the next few years?

I predict that the agricultural sector will become a primary target for groups like the Gentlemen because attackers have realized that food producers cannot afford even a 48-hour delay during harvest season. We will likely see more “living-off-the-land” attacks where hackers use the company’s own administrative tools to facilitate that “worm-like” spread, making detection much harder for traditional antivirus software. Companies will be forced to invest heavily in “air-gapped” backups for their logistics systems so that they can maintain “interim processes” without shutting down the entire mill. The battle will move toward “cyber-physical” resilience, where the goal isn’t just to stop the hack, but to ensure that the “crushing operations” can keep moving even while the IT department is fighting a digital war. Ultimately, the industry must prepare for a future where a cyberattack is treated with the same urgency and preparation as a major hurricane or a flood.
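As an added example (not from the interview, and not Mackay Sugar's or any vendor's tooling), the following Python sketch shows one way a defender can catch the "worm-like" spread the forecast describes when it is carried out with an organisation's own administrative tools: instead of matching malware signatures, it flags an account whose remote-administration sessions reach many distinct hosts inside a short window. All log lines, host names, account names, tool labels and thresholds are constructed placeholders.

```python
"""Fan-out detector for living-off-the-land lateral movement.

Added example: signature-based antivirus sees only legitimate admin tools
here, so the detection keys on behaviour (one account, many hosts, short
window) rather than on what binary ran. Every value below is constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Tool labels that are legitimately present on the estate but are also what a
# living-off-the-land intrusion would borrow. Assumed names for this example.
ADMIN_TOOLS = {"remote-shell", "remote-wmi", "scheduled-task"}

# Constructed sample events (not real mill telemetry): a service account fans
# out to six hosts in nine minutes; an operator touches two hosts an hour apart.
SAMPLE_LOGS = [
    "2025-06-10T01:00:00 src=WS-17 dst=MILL-SRV-01 user=svc_backup tool=remote-shell",
    "2025-06-10T01:01:30 src=WS-17 dst=MILL-SRV-02 user=svc_backup tool=remote-shell",
    "2025-06-10T01:03:00 src=WS-17 dst=CANE-LOG-01 user=svc_backup tool=remote-wmi",
    "2025-06-10T01:04:10 src=WS-17 dst=CANE-LOG-02 user=svc_backup tool=remote-wmi",
    "2025-06-10T01:06:45 src=WS-17 dst=HIST-01 user=svc_backup tool=scheduled-task",
    "2025-06-10T01:09:00 src=WS-17 dst=FILE-01 user=svc_backup tool=remote-shell",
    "2025-06-10T01:09:30 src=WS-17 dst=FILE-01 user=svc_backup tool=file-copy",
    "2025-06-10T02:00:00 src=OPS-03 dst=MILL-SRV-01 user=j.operator tool=remote-shell",
    "2025-06-10T03:00:00 src=OPS-03 dst=MILL-SRV-02 user=j.operator tool=remote-shell",
]

Alert = Tuple[str, int, datetime, datetime]  # user, distinct hosts, first ts, last ts


def parse_event(line: str) -> Dict[str, object]:
    """Parse one 'timestamp key=value ...' line; the timestamp becomes a datetime."""
    ts_text, _, rest = line.partition(" ")
    event: Dict[str, object] = dict(field.split("=", 1) for field in rest.split())
    event["ts"] = datetime.fromisoformat(ts_text)
    return event


def detect_fan_out(lines: List[str],
                   window: timedelta = timedelta(minutes=10),
                   min_hosts: int = 5) -> List[Alert]:
    """Return one alert per account whose admin-tool sessions reach at least
    `min_hosts` distinct destinations within `window` (the widest such burst)."""
    per_user: Dict[str, List[Dict[str, object]]] = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if ev["tool"] in ADMIN_TOOLS:          # ignore non-admin activity
            per_user[str(ev["user"])].append(ev)

    alerts: List[Alert] = []
    for user, events in per_user.items():
        events.sort(key=lambda e: e["ts"])
        best: Alert | None = None
        # Slide a window starting at each event and count distinct hosts in it.
        for i, start in enumerate(events):
            hosts = set()
            end = start["ts"]
            for ev in events[i:]:
                if ev["ts"] - start["ts"] > window:
                    break
                hosts.add(ev["dst"])
                end = ev["ts"]
            if len(hosts) >= min_hosts and (best is None or len(hosts) > best[1]):
                best = (user, len(hosts), start["ts"], end)
        if best is not None:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for user, n, first, last in detect_fan_out(SAMPLE_LOGS):
        print(f"ALERT {user}: {n} hosts via admin tooling between {first} and {last}")
```

The threshold and window are tuning knobs: a backup or patching account will legitimately fan out, so in practice such an account is allow-listed or given its own baseline, and the alert is most useful when joined with a change-control record showing that no maintenance window was open at that time.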