Ransomware: threeam claims amc.org.au (AU) — Not Found

A new ransomware incident has been publicly claimed by the threat group Threeam, targeting the domain amc.org.au, which is associated with an Australian entity. The claim was published on the ransomware.live data leak site on June 12, 2026, under the BREACH framework. While the specific organization behind amc.org.au has not been confirmed, the .au domain suggests it may involve an Australian business, government agency, or non-profit. This publication indicates that the attackers have likely exfiltrated data and are threatening to release it unless a ransom is paid.

Organizations in Australia, particularly those using .au domains, are directly affected by this incident. Sectors such as healthcare, education, finance, and critical infrastructure should be especially vigilant, as ransomware groups frequently target entities with sensitive data. The breach serves as a reminder that no sector is immune, and any organization with a public-facing digital presence could be at risk.

Compliance teams should immediately verify whether their organization has any association with the amc.org.au domain or its parent entity. If not, they should still treat this as a trigger to review and test their incident response plans, focusing on ransomware preparedness. Teams should ensure that data backups are isolated and tested, multi-factor authentication is enforced, and that employee phishing awareness training is up to date. Additionally, they should monitor ransomware.live and similar threat intelligence sources for any mentions of their own domains or brands.