Cyber Incident Victim: Evolution Mining Limited
Date:
Aug 2024
Location:
Australia
Summary
Evolution Mining Limited experienced a ransomware attack impacting its IT systems, which was contained with assistance from external cyber forensic experts. The company prioritized protecting health, safety, privacy, systems, and data, confirming no private or commercially sensitive information was stolen and minimal data loss occurred due to robust backup systems. Operations across its multiple mining sites were unaffected, with no material impact anticipated. The incident was reported to the Australian Cyber Security Centre, reflecting broader sector vulnerabilities as cyberattacks increasingly target resource-based industries.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Evolution Mining Limited detected a ransomware attack impacting its IT systems on 8 August 2024, prompting immediate engagement with external cyber forensic experts to investigate the breach. The company issued an ASX announcement on 12 August confirming the incident had been contained following proactive management focused on safeguarding health, safety, privacy, systems, and data. Evolution reported the attack to the Australian Cyber Security Centre (ACSC) and maintained throughout its communications that no material operational disruptions were anticipated across its six mining operations, including sites in New South Wales, Queensland, Western Australia, and Canada. During a conference call accompanying the release of Evolution’s full-year financial results on 14 August, Managing Director Lawrie Conway explicitly stated no private, personal, or commercially sensitive data had been compromised or stolen. Conway emphasized the robustness of backup systems, indicating minimal data loss would occur despite the ransomware encryption. The company declined interview requests from media outlets but reiterated in written statements that its response prioritized workforce privacy and continuity of mining activities, including the $250 million expansion of its Mungari gold mine in Western Australia.
The incident occurred amid broader cybersecurity challenges in Australia’s resources sector, with the ACSC reporting nearly 94,000 cybercrime incidents nationally in 2022-23—equivalent to one report every six minutes. Evolution’s workforce of approximately 3,129 permanent, fixed-term, and casual employees as of mid-2024 remained unaffected by data exposure, according to executive assurances. Forensic analysis revealed no evidence of exfiltrated material from servers, though the company did not disclose technical specifics regarding attack vectors or ransomware variants involved. Evolution’s operational continuity claims aligned with its record $422 million profit announced concurrently with the cyber incident disclosure. The ACSC declined to comment on the case, consistent with its policy regarding individual investigations, while Evolution’s executive leadership maintained public messaging that containment was achieved without requiring significant system restoration from backups. No ransom demands or threat actor affiliations were disclosed in official statements, and the company concluded its communications by affirming compliance with regulatory disclosure obligations through ASX announcements approved by Executive Chair Jake Klein.