The gang has used the Maze website to provide an indication that it has carried out an attack, but says proof will only be available later.
The Sydney-based firm provides tailored management solutions for strata and community schemes, and building management committees, according to its website.
It has five offices — in Central Sydney, Parramatta, Newcastle, Tweed Heads and Port Stephens — and a workforce of 50.
Maze is used widely by a variety of attack groups and was used to attack the global technology firm Pitney Bowes.
There were also claims of a Maze attack on South Korea's LG group, but these were called into question by Emsisoft ransomware threat researcher Brett Callow who described the group as a "bunch of lowlifes", adding that lowlifes were not known for their honesty.
He said his reasoning was based on several factors that had been noticed in the behaviour of groups using Maze after the pandemic began: a change from listing two or three firms in a day to listing a much larger number; posting password-protected archives for which the passwords did not work; auctioning data after the COVID-19 crisis got into full swing; and another group, REvil, claiming to have data on Donald Trump and then claiming to have sold it.
Callow added that it now looked like these groups could be auctioning data from old attacks that happened before they launched their leak site, all tactics that seemed to indicate desperation.