The firm has operations in both Australia and New Zealand through various in-house brands, according to Wikipedia. Its headquarters are in Fitzroy, a suburb of Melbourne.
Spotless, which is owned by the Downer Group, provides services to the defence, business, senior living, education, government, healthcare resources, water, power, transport industries and stadia, venues and leisure sectors.
Contacted for comment, a spokesman said on Tuesday: "We confirm we are investigating suspicious activity involving unauthorised access to a number of Spotless servers.
"We have restricted access to a number of Spotless servers and have notified the Australian Cyber Security Centre and NZ National Cyber Security Centre.
"We have enacted business continuity plans that allow us to continue the delivery of our services.
"At this stage, we have no evidence that any data has been impacted."
None of the major ransomware groups has listed Spotless among their victims as yet.
The normal process is for attackers to give victims time to pay the ransom and then post information about the victim online if they refuse to agree to the ransom demand.
Commenting on the incident, Mark Lukie, sales engineer manager for APAC at Barracuda, said: "There's been a spike in ransomware attacks on Australian businesses this year, taking advantage of the pandemic to wreak havoc on organisations.
"The attack surface is much greater now that so many workers are still working from home, where they may lack the same level of email protection they would get in an office.
"It highlights the need to for organisations to take a more proactive approach to cyber security training, transforming employees from a security liability into a line of defence."