Stolen 24 gigabytes, including financial data invoices, purchase orders, and details of retail partners. Also employee data, medical certificates, superannuation details, and Medicare applications.
Source: Snow Brand Australia confirms SafePay ransomware attack | Cyberdaily.au
View more incidents relating to the Manufacturing Manufacturing sector and incidents from Victoria.
Summary
Snow Brand Australia has confirmed a recent ransomware attack by the SafePay ransomware gang, impacting some of its employee data. The attack was listed on SafePay’s darknet leak site, alongside 23 other victims. The gang, which appears to be a new operation possibly based in Russia, published an archived dataset of almost 24 gigabytes, including financial data such as invoices, purchase orders, and details of the company’s business with various retail partners. Also included are some employee data, such as medical certificates, superannuation details, and Medicare applications
Statements
A Snow Brand spokesperson stated, “Snow Brand recently experienced a cyber incident where unusual activity was detected on our network. We immediately secured our network and initiated an investigation to understand what happened, including any impact to information.”
The Australian Cyber Security Centre and the Office of the Australian Information Commissioner have been notified, and the company has communicated with individuals impacted by the data breach. The spokesperson added, “We otherwise confirm our systems are secure, and Snow Brand remains fully operational.”
Impact
The financial data could be used for BEC or fraud, customers of Snow Brand should take extra care when making payments. The more significant impact is the PII of employees’ data, especially the superannuation and Medicare details.
Attacker
SafePay is a new ransomware operation, with Snow Brand being one of its first victims. According to research by cyber security firm Huntress, SafePay only began operating within the last couple of months. The gang checks for systems using Cyrillic characters and aborts the attack if found, suggesting an Eastern European origin.
Conclusion
This incident underscores the increasing vulnerability of the global food industry to ransomware attacks. Cybercriminals have intensified their focus on critical industries, aiming to exploit operational dependencies on technology and data.
“Organizations in the food production sector must recognise that they are high-value targets for cybercriminals,” said a cybersecurity expert. “Investing in robust cybersecurity measures is no longer optional but essential for operational resilience.”
Industry Incidents
Related
