Threat actors have claimed a cyber attack on an Australian fire protection service firm, listing the company on their dark web leak site and allegedly exfiltrating data.
Extreme Fire Solutions is a Castle Hill, NSW-based company specialising in the installation and maintenance of essential fire protection services.
The SafePay ransomware operation listed Extreme Fire Solutions on its dark web leak site overnight, claiming to have exfiltrated 47 gigabytes of data.
While SafePay provided little to no information on the incident, it set a countdown timer for the publication of the data at just over three days at the time of writing. It also provided a “download listing” link, which is broken.
Cyber Daily reached out to Extreme Fire Solutions, which declined to comment on the matter.
SafePay is a relatively new player in the ransomware game, having first been observed active in October 2024.
The group has been observed targeting businesses in Australia, the United Kingdom, the United States, Italy, New Zealand, Canada, Belgium, Brazil, Germany, Barbados, and Argentina. According to the group, it is not a ransomware-as-a-service (RaaS) operation.
“SafePay ransomware has never provided and does not provide the RaaS,” it said on its dark web leak site.
However, a sample of the group’s ransom note grants some insight into SafePay’s operations.
“Greetings! Your corporate network was attacked by SafePay team. Your IT specialists made a number of mistakes in setting up the security of your corporate network, so we were able to spend quite a long period of time in it and compromise you,” SafePay said in its note, readme_safepay_ascii.txt.
“It was the misconfiguration of your network that allowed our experts to attack you, so treat this situation as simply as a paid training session for your system administrators.”
The note explained that the gang has encrypted “files of importance” and that particularly interesting files have been exfiltrated for later extortion and publication.
“Now we are in possession of your files such as: financial statements, intellectual property, accounting records, lawsuits and complaints, personnel and customer files, as well as files containing information on bank details, transactions and other internal documentation,” the note said.
The note also explained how to contact SafePay and outlined the gang’s motivations.
“We are not a politically motivated group and want nothing more than money. Provided you pay, we will honour all the terms we agreed to during the negotiation process,” it said.
Just last month, SafePay claimed a cyber attack on Brighton-Le-Sands-based contractor Brighton Australia.
Once again, SafePay shared little detail within the listing, saying only that it had exfiltrated 160 gigabytes of data and providing two broken links to download the listing or view the data.