RANSOMWARE OPERATION💰 FINANCIAL
sugar
1
aliases
Intelligence Profile
Ransomware, written in Delphi.
Threat Analysis
sugar is a ransomware operation that deploys encryption-based extortion against organizations globally. This group maintains a data leak site (DLS) to pressure victims into paying ransom demands.
Financially motivated threat actors like sugar prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.
Intelligence Reports Mentioning sugar
Australian sugar producer works to restore operations as ransomware group claims attack
The Record· Jun 18, 2026
Ransomware Attack Shuts Down Mills of Australia’s Second-Largest Sugar Producer
SecurityWeek· Jun 15, 2026
Cyberattack shuts down major Australian sugar mills, disrupting harvest
The Record· Jun 10, 2026
External References
Quick Facts
TypeRansomware Operation
Motivation💰 financial
Aliases1
Also Known As
sugar
DLS Infrastructure
○ OFFLINEchat5sqrnzqewampznybomgn4hf2m53tybkarxk4sfaktwt7oqpkcvyd.onion
○ OFFLINEsugarpanel.space
Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.