EMBARGO Group Strikes Firstmac Limited with Ransomware Attack

Incident Date:

May 4, 2024

Overview

Victim

Firstmac Limited

Attacker

Embargo

Location

Brisbane, Australia

First Reported

May 4, 2024

Ransomware Attack on Firstmac Limited by EMBARGO Group

Company Profile

Firstmac Limited, an Australian-owned financial entity, has been a significant player in the non-bank lending sector for over 40 years. Specializing in home and investment loans, the company manages a substantial portfolio, including $16 billion in home and car loans. With a workforce of approximately 500 employees, Firstmac stands out in the industry for its robust securitization practices and its partnership with global insurer Allianz Group. The company's strong market presence is further underscored by its top ranking from Standard & Poor's for loan serviceability.

Details of the Ransomware Attack

The EMBARGO ransomware group claimed responsibility for the attack on Firstmac, which was first reported on May 30, 2024. Following a ransom demand with a deadline of May 8, the group uploaded over 500 gigabytes of stolen data to its dark web leak site. This data included sensitive source code archives, database backups, and personal information of customers and staff. The breach has exposed vulnerabilities in Firstmac's cybersecurity measures, leading to potential risks for both the company and its clients.

Impact and Response

Firstmac has acknowledged the breach and is conducting a thorough investigation to ascertain the full extent of the impact. It is also notifying affected individuals and partners. Despite the severity of the data leak, access to the stolen data has been intermittently unavailable due to technical issues on the dark web platform hosting the information.

Analysis of EMBARGO's Tactics

The EMBARGO group is known for its methodical approach to ransomware attacks, often targeting entities with substantial data repositories and weaker cybersecurity frameworks. The group's strategy includes extensive reconnaissance to exploit specific vulnerabilities, which, in the case of Firstmac, might have involved phishing attacks or exploiting unpatched software vulnerabilities.
