Goodline

Summary

Goodline, an Australian engineering, construction, and maintenance services company, confirmed a RansomHub ransomware attack on its systems in November 2024. The attack significantly disrupted operations, forcing the company to conduct payroll on paper during the incident response.

Attack Vector

RansomHub ransomware group breached Goodline's systems and threatened to publish stolen company data within five days of the leak site posting. RansomHub provided minimal information about the nature of the incident, consistent with the group's pattern of targeting Australian engineering and construction sector organizations throughout 2024.

Consumer Impact

The breach affected major clients including Rio Tinto, who were notified of the incident. The attack disrupted critical business operations including payroll processing, which had to be conducted manually on paper. The construction and engineering sector has been particularly targeted by RansomHub, with Goodline being one of multiple Australian firms in this sector attacked in late 2024.

Response

Goodline engaged cybersecurity firm CrowdStrike to investigate the incident and is awaiting a comprehensive report. The company proactively notified major clients such as Rio Tinto about the breach. The incident represents part of RansomHub's broader campaign targeting Australian organizations, particularly in the engineering and construction industries.