Triton Sourcing & Distribution, a New Zealand-based importer, has confirmed it fell victim to a ransomware attack by the newly emerged SafePay gang. The attack, which took place in early October 2024, resulted in the breach of at least 10GB of data, primarily consisting of XML files related to Triton’s Exo order system. SafePay, which has only been active since October, posted the stolen data on its darknet leak site, revealing order details and other operational processes. While the data leak is concerning, the company assures that no personal data was compromised in the breach.
The breach caused operational disruptions at Triton, temporarily halting some of its business activities. Despite the inconvenience, Triton was able to recover relatively quickly, catching up on delayed orders. A spokesperson for the company confirmed that they promptly informed both staff and clients about the attack, which resulted in only a short-term disruption to their services. The company’s operations are now back on track, with ongoing efforts to ensure that their systems remain secure in the future.
Triton’s spokesperson further stated that they had thoroughly assessed the compromised data and concluded that it posed no significant risk to third parties or their staff. The leaked data primarily involved operational details, such as order information, and did not include any personal or sensitive data typically linked to HR or business functions. The company emphasized that the cloud platforms used for storing critical personal data were not impacted during the breach, mitigating concerns over a wider data exposure.
SafePay’s ransomware activity appears to be part of a broader trend of attacks by new and evolving cybercriminal groups. Since its emergence in October, SafePay has listed 24 victims on its leak site, mainly targeting organizations globally. It is believed that the group operates out of Eastern Europe, as its leak site notably excludes machines using Cyrillic characters. As Triton recovers from the breach, it serves as a reminder of the increasing threat posed by new ransomware gangs and the importance of vigilance in securing organizational systems.
Reference:
