A spokesperson from Nexia Australia and New Zealand, a network of solutions-focused accountancy and consultancy firms, said the attack had taken place on 3 November and had been acted upon immediately.
An external IT consultant, Systima, was called in to deal with the incident and the spokesperson claimed that a report from the firm and a report from the Vocus exchange dated 11 November showed that no data had been exfiltrated.
The listing for Nexia on the website of the REvil operators on the dark web has now disappeared, something that normally happens when a victim pays whatever ransom has been demanded or else is negotiating with the attackers.
"As part of the process passwords were changed, servers were patched and firewalls were geo locked. Our systems continue to be monitored as per our standing arrangements."
The spokesperson claimed that iTWire had not made contact with the firm, even though an email seeking comment was sent to the company on the morning of 7 November using the only email address available on its website.
A report was published on 10 November, a day after the company was asked to respond with its version of events.