Ransomware Attack on Muswellbrook Shire Council by SafePay

Muswellbrook Shire Council, a local government authority in New South Wales, Australia, has fallen victim to a ransomware attack orchestrated by the SafePay group. This incident highlights the vulnerabilities faced by government entities in the digital age.

About Muswellbrook Shire Council

Muswellbrook Shire Council serves a population of approximately 16,360 residents across an area of 3,402 square kilometers. The council is responsible for a wide range of services, including public health, infrastructure management, and community development. With a reported revenue of $83.45 million for the fiscal year 2022/23, the council is a significant entity in the region, known for its commitment to transparency and community engagement.

Attack Overview

The SafePay ransomware group claims to have exfiltrated 175 GB of data from Muswellbrook Shire Council's systems. The attack led to IT disruptions, prompting the council to initiate a comprehensive investigation with the help of external cybersecurity experts. Despite the breach, the council has managed to restore access to its systems and resume normal operations. The incident underscores the importance of robust cybersecurity measures for government bodies.

SafePay Ransomware Group

SafePay is a relatively new player in the ransomware landscape, known for its use of ransomware-as-a-service (RaaS) tactics and the LockBit source code. The group employs a double-extortion strategy, encrypting files and threatening to release stolen data if ransom demands are not met. SafePay's operations are characterized by stealthy infiltration methods, often gaining access through valid credentials acquired via VPN gateways.

Sources

• Ransomware.live Post
• Muswellbrook Shire Council - About Council
• SecurityWeek - Microlise Confirms Data Breach
• Huntress - It's Not Safe to Pay SafePay