Snow Brand Australia

Summary

Snow Brand Australia, the Australian arm of Japanese dairy company Snow Brand, confirmed it was the victim of a SafePay ransomware attack in November 2024. The breach resulted in exposure of a 24-gigabyte dataset containing financial documents, business records, and sensitive employee information.

Attack Vector

SafePay ransomware gang, a new operation that began operating within months of the attack, targeted Snow Brand Australia using ransomware-as-a-service tactics utilizing LockBit source code. The group employs a double-extortion strategy, encrypting files and threatening to release stolen data if ransom demands are not met. Snow Brand was listed among almost 25 companies when SafePay posted its first victims on November 20, 2024.

Consumer Impact

The stolen data included financial documents, invoices, purchase orders, details of retail partners, and sensitive employee information including medical certificates, superannuation details, and Medicare applications. The exposure of employee health records and Medicare information creates significant privacy concerns and potential identity theft risk for affected staff members.

Response

The company responded swiftly by securing its systems, launching an investigation, and notifying relevant authorities. As a new ransomware operation with Snow Brand being one of its first victims, the incident highlights the ongoing threat from emerging ransomware groups targeting Australian businesses.