Western Australian mining company Avenira Limited has been listed as a victim on a darknet leak site operated by an affiliate of the INC Ransom group, following an alleged ransomware intrusion involving company documents and contracts – adding to the growing body of cyber incidents relevant to insurers and brokers advising clients on cyber risk and coverage.
Cyber Daily reported that in a Dec. 16 post on its leak site, the affiliate claimed to have removed about a terabyte of data from Avenira’s systems, including “quite a few NDAs.” As evidence of the alleged intrusion, the group released a small batch of files said to have been taken from the company’s network.
The sample files reportedly include an internal memorandum, mineral exploration reports, confidentiality agreements, signed correspondence, and what appears to be a signed non-disclosure agreement involving another mining company. The attackers have not publicly stated how much money they are seeking or specified a deadline for payment, but indicated that further data could be disclosed. Avenira has not issued a public statement on the incident and did not respond to media enquiries at the time of writing. The company has not disclosed any details about the operational or financial impact, if any, or whether systems have been disrupted.
Read next: Ransomware strikes Australian mining giant
Avenira is headquartered in Perth and has an additional office in West Perth. The company has two main projects: the Jundee Project in Western Australia, which includes gold prospects and areas with lithium and potash potential, and the Wonarah Phosphate Project in the Northern Territory.
INC Ransom has been active since around August 2023 and has claimed hundreds of victims globally. The group is associated with spear phishing to obtain initial access and with double-extortion methods, in which data is exfiltrated before being encrypted on the victim’s systems, creating both operational disruption and data-privacy exposures. Under this model, victims may be asked to pay not only to restore access to their data but also to prevent stolen information from being published or traded to other threat actors. The group has claimed 16 Australian organisations to date, including textile supplier Instyle, which appeared on its leak site in early December.
The alleged Avenira breach follows other ransomware incidents in the Australian mining industry. In 2024, Evolution Mining Limited disclosed that its IT environment had been affected by ransomware. Evolution Mining stated that it had engaged external cyber forensic specialists to investigate and remediate the event. According to its public updates, initial assessments suggested the incident was contained. The company said it had prioritised the health, safety, and privacy of personnel and the integrity of its systems and data, and indicated that it did not expect the incident to have a substantial impact on operations.
The Avenira incident occurs against a backdrop of increased ransomware and cyber activity across Australia and New Zealand, with direct implications for cyber insurance pricing, capacity, and coverage terms. Research from Opentext Cybersecurity indicates that about 40% of Australian organisations faced at least one ransomware attack in the past year, with almost half of those attacked more than once. Around a third of affected organisations chose to pay a ransom, and 41% of those payments exceeded US$250,000.
Separate survey data from Arctic Wolf shows that about 85% of organisations in Australia and New Zealand reported experiencing at least one cyber incident over a similar period, compared with 76% globally. In that sample, nearly three-quarters of organisations that suffered ransomware events reported paying ransoms to prevent data leaks. Ninety-one per cent engaged external negotiators, but fewer than half secured a reduction in the initial ransom demand.
For brokers and underwriters, these figures are relevant to ongoing discussions about ransom reimbursement, minimum security controls, and the role of external incident response providers. Alleged attacks on companies such as Avenira are likely to inform sector-specific underwriting approaches for mining and critical supply chains, including expectations around multi-factor authentication, network segmentation between IT and operational technology, data governance, and contractual risk transfer.
