You have 0 free articles left this month.
Register for a free account to access unlimited free content.
Powered by MOMENTUM MEDIA
lawyers weekly logo

Powered by MOMENTUMMEDIA

Breaking news and updates daily. Subscribe to our Newsletter
Advertisement

Exclusive: Contractor Brighton Australia listed on SafePay’s ransomware leak site

Hackers claim to have stolen more than 160 gigabytes of data from a Sydney-based construction contractor.

Exclusive: Contractor Brighton Australia listed on Safepay’s ransomware leak site
expand image

The SafePay ransomware gang has listed Brighton-Le-Sands-based contractor Brighton Australia as a victim on its darknet leak site.

The company was one of more than 30 businesses listed by the hackers on 30 March, with victims hailing from all over the world.

Safepay doesn’t share much detail in its leak post, saying only that it was planning to host a 160 gigabyte Zip archive on its leak site, as well as a file listing of the stolen data. SafePay has not provided a description of the stolen data or a ransom demand.

However, as of the time of writing, neither of those links appear to be active.

A sample of the gang’s ransom note does give some insight into SafePay’s operations, however.

“Greetings! Your corporate network was attacked by SafePay team. Your IT specialists made a number of mistakes in setting up the security of your corporate network, so we were able to spend quite a long period of time in it and compromise you,” SafePay said in its note, readme_safepay_ascii.txt.

“It was the misconfiguration of your network that allowed our experts to attack you, so treat this situation as simply as a paid training session for your system administrators.”

The note explained that the gang has encrypted “files of importance” and that particularly interesting files have been exfiltrated for later extortion and publication.

“Now we are in possession of your files such as: financial statements, intellectual property, accounting records, lawsuits and complaints, personnel and customer files, as well as files containing information on bank details, transactions and other internal documentation,” the note said.

The note explained how to contact SafePay and outlined the gang’s motivations.

“We are not a politically motivated group and want nothing more than money. Provided you pay, we will honour all the terms we agreed to during the negotiation process,” it said.

SafePay listed its first victim on 20 November 2024, when it listed almost 25 companies in one go, including Australian dairy supplier Snow Brand Australia and New Zealand importer Triton Sourcing & Distribution. Since then, it has claimed a total of 122 victims, six of whom are Australian.

At the time of writing, Brighton Australia’s website is down, but its LinkedIn page describes the company as having experience in “all types of interior and exterior architectural finishes”. It has worked with several prominent architects on projects such as Westfield Sydney City, One Central Park, and Macquarie Bank’s headquarters. Other customers include Westpac, Optus, and JP Morgan.

Cyber Daily has contacted Brighton Australia for comment but has yet to receive a reply.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

You need to be a member to post comments. Become a member for free today!

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.