Exclusive: Dire Wolf claims ransomware attack on WineWorks Australia

Threat actors have claimed a cyber attack on a South Australian wine freight and logistics firm, claiming to have stolen both customer and business data.

Established in 2004, WineWorks Australia is a freight and logistics company servicing the booming South Australian wine industry, with temperature-controlled warehouses and solutions that allow wine to be transported to its destination “in the same condition that your winemaker intended”.

On 25 August, the company was listed on the dark web leak site of the Dire Wolf ransomware gang, which claimed to have exfiltrated 22 gigabytes of data, including customer information, sales data and financial data.

You’re out of free articles for this month

Dire Wolf also posted a link to a list of exfiltrated files and said it would “publish all documents” by 10 September.

According to the file list, data includes log-in passwords, vehicle service histories, licenses, wine-picking slips and many other business documents, the contents of which are unknown.

Cyber Daily has reached out to WineWorks Australia and is awaiting a statement.

Dire Wolf is a relative newcomer to the ransomware space, first appearing in May when it listed six victims at once, including the Legal Practice Board of Western Australia.

In a post on 26 May, the group claimed to have exfiltrated 300 GB of data, including limited contact details and correspondence and bank account information.

Within the post, the hackers shared some details of the data exfiltrated; however, due to an injunction, Cyber Daily is unable to report on the contents of what has been published.

Alongside links to sample data, Dire Wolf has published its intended timeline for publishing the dataset. Sample data was published on 26 May, and the gang planned to publish half the files on 15 June, with the remaining on 30 June.

The Legal Practice Board of Western Australia confirmed at the time that it was aware of the actor’s claims. Dire Wolf has failed to publish any data it claimed to have exfiltrated.

Updated – 28/08/2025: Removed a now outdated statement by the Legal Practice Board of Western Australia.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.