Snow Brand Australia, a subsidiary of the Japanese dairy company, has confirmed that it was targeted in a ransomware attack by the emerging SafePay group. The attack was first detected when unusual network activity was identified, prompting an immediate response from the company. SafePay, a relatively new ransomware operation, managed to breach Snow Brand’s systems and steal nearly 24 GB of sensitive data. The leaked data, which was posted on the group’s darknet leak site, includes a variety of financial records, such as invoices, purchase orders, and details about business dealings with retail partners like Romeo’s Retail Group. Additionally, the attackers accessed personal information of employees, including medical certificates, superannuation details, and Medicare applications.
This breach marks Snow Brand Australia as one of the first victims of the SafePay ransomware group, which is believed to have only started its operations in recent months. According to the group’s minimalistic darknet leak site, which only lists the names of victims along with their revenue and details about the stolen data, Snow Brand’s data leak is part of a broader wave of attacks. In total, 23 other organizations were affected by SafePay, highlighting the group’s rapid expansion. Although the stolen data primarily concerns financial documents and employee details, Snow Brand emphasized that the breach’s impact was limited in scope, with the company acting swiftly to contain the situation and secure its network.
In response to the attack, Snow Brand launched an investigation into the breach to understand the extent of the damage and to prevent further compromises. The company notified the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner (OAIC) about the breach, complying with Australian regulations regarding data protection and notification. Snow Brand also assured its customers and employees that it had secured its systems and remained fully operational, despite the incident. The company has since contacted affected individuals, offering support and guidance on preventive measures to mitigate any potential misuse of their personal information.
The SafePay ransomware group’s methods and tactics have raised concerns among cybersecurity experts. Research conducted by Huntress, a cybersecurity firm, has revealed that SafePay is a new player in the ransomware scene. The group appears to single out systems using Cyrillic characters, aborting its attacks on them, which has led experts to speculate that the operation may be based in Eastern Europe, possibly Russia. The attack on Snow Brand is part of a growing trend of ransomware operations targeting businesses worldwide, and it highlights the vulnerabilities many organizations still face despite increasing awareness of cybersecurity threats. With new ransomware operators like SafePay emerging, it is clear that businesses must remain vigilant and enhance their security measures to protect against these evolving threats.