Ransomware Attack on Casa Imports by SafePay

On December 6, Casa Imports, a family-owned food distribution company based in Utica, New York, allegedly fell victim to a ransomware attack by the notorious SafePay group. This incident highlights the vulnerabilities faced by small to medium-sized enterprises in the food distribution sector.

About Casa Imports

Founded in 1975 by Italian immigrants, Casa Imports has expanded its reach to over 3,000 customers across five states. The company specializes in imported Italian foods, offering a diverse range of products including deli meats, cheeses, and pasta. Known for its dedication to quality and customer service, Casa Imports operates under the CORA and BELLISSIMO labels, which are well-regarded in the industry. Despite its success, the company remains relatively small, employing around 45 people and generating approximately $5 million in annual revenue. This size and scale make it a potential target for cybercriminals seeking to exploit less fortified digital infrastructures.

Details of the Attack

The SafePay ransomware group claimed responsibility for the attack, which allegedly resulted in the unauthorized access and leak of 80GB of sensitive data. The breach caused significant operational disruptions, underscoring the critical need for enhanced cybersecurity measures in the food distribution industry. SafePay's modus operandi involves a double-extortion strategy, where they encrypt files and threaten to release stolen data if their ransom demands are not met. This tactic increases pressure on victims to comply with ransom requests.

SafePay Ransomware Group

SafePay is a relatively new player in the ransomware landscape, known for using ransomware-as-a-service tactics and leveraging LockBit source code. The group has executed at least 22 confirmed attacks, employing sophisticated methods to infiltrate networks. SafePay typically gains access through valid credentials, often acquired via VPN gateways, avoiding more detectable methods like Remote Desktop Protocol. This stealthy approach makes them a formidable threat to organizations with inadequate cybersecurity defenses.

Implications for Casa Imports

The attack on Casa Imports underscores the ongoing vulnerabilities within the food distribution sector. As a family-run business with a strong emphasis on quality and service, Casa Imports must now navigate the challenges posed by this cyber incident. The breach serves as a stark reminder of the importance of implementing comprehensive cybersecurity strategies to protect against increasingly sophisticated threats.

Sources

• https://www.ransomware.live/id/Y2FzYWltcG9ydHMuY29tQHNhZmVwYXk=