Dragonforce ransomware group targets Australian gelato giant Gelatissimo

The Dragonforce ransomware group has claimed a major data theft from Australian gelato maker Gelatissimo and has threatened to leak 350 GB of data unless the company pays a ransom.

 

The ransomware-as-a-service group, which runs a cartel-like operation where affiliates are allowed to take 80% of the booty, announced earlier this week that it had compromised Gelatissimo, Australia’s largest Gelato brand, and taken approximately 350 gigabytes of data from the company’s systems.

 

Sharing samples of the stolen data on its dark web leak site, the ransomware group said it intends to leak the entire stolen dataset online if the company does not establish contact to negotiate a ransom payment. 

 

The sample datasets contained limited employee and corporate information, including employees’ names, earnings, bonuses, leave records and withheld taxes and their tax file numbers in some cases. The samples also contained corporate and operational details such as passport applications and internal reports that contained personal data.

 

Gelatissimo is Australia’s leading gelato brand, opening its first store in Sydney’s King Street in 2002 and now running more than 60 stores across Australia, as well as in the Philippines, Singapore, Saudi Arabia and the United States. Its product range includes flavoured ice cream scoops, cakes, desserts, and milkshakes. The company also offers gift cards to enhance brand reach and loyalty.

 

The company did not post a statement about the cyber incident on its website, but shared a statement with Cyber Daily, stating that it is investigating the incident and has informed the Australian Cyber Security Centre and the Australian Information Commissioner.

 

“We are investigating a cyber incident following the detection of unauthorised access to part of our systems. We are also aware of claims made by an unauthorised external party that information accessed from our systems has been published online,” the statement reads.

 

“Immediately at the time of discovering the incident, we engaged cyber security experts to contain and investigate the incident. We are working urgently to verify the third party’s claims and understand the nature and extent of any information impacted.

 

“Protecting the information entrusted to us is a responsibility we take very seriously, and we apologise for any concern this incident may cause,” the company added.

 

The company is yet to state how many customers were affected  by the incident, the nature of personal and financial information accessed by hackers, or whether the ransomware attack had caused any kind of operational disruption.