Ransomware Attack on Kingswood Resort: SafePay Strikes Again

On November 21, Kingswood Resort, a prominent hospitality venue in Hanwell, New Brunswick, fell victim to a ransomware attack orchestrated by the SafePay group. Known for its award-winning golf course and extensive entertainment offerings, Kingswood Resort is a key player in the local hospitality industry, attracting both tourists and locals with its diverse amenities.

Overview of Kingswood Resort

Kingswood Resort, operating under the domain kingswoodpark.ca, is a multifaceted recreational and event venue. It features Atlantic Canada's largest family entertainment center, offering activities such as bowling, laser tag, and dining at Sam Snead's Oak Grill & Tavern. The resort's ability to host large events and its community engagement initiatives make it a standout in the hospitality sector.

Details of the Attack

The ransomware attack resulted in a data leak of 55GB, significantly impacting Kingswood Resort's operations. SafePay, the threat actor behind the attack, is known for its double-extortion tactics, which involve encrypting files and threatening to release stolen data unless a ransom is paid. This approach places additional pressure on victims to comply with ransom demands.

SafePay Ransomware Group

SafePay is a relatively new player in the ransomware landscape, utilizing ransomware-as-a-service (RaaS) tactics and leveraging LockBit source code. The group has claimed responsibility for at least 22 confirmed attacks, employing a stealthy approach to infiltrate networks. SafePay typically gains access through valid credentials, often acquired via VPN gateways, avoiding more detectable methods like Remote Desktop Protocol (RDP).

Sources

• Huntress: It's Not Safe to Pay SafePay
• SecurityWeek: Microlise Confirms Data Breach
• Kingswood Park Official Website