Ransomware Attack on Safefood: Meow Group Leaks 200GB of Confidential Data
Incident Date:
August 13, 2024
Overview
Title
Ransomware Attack on Safefood: Meow Group Leaks 200GB of Confidential Data
Victim
Safefood
Attacker
Meow
Location
First Reported
August 13, 2024
Ransomware Attack on Safefood by Meow Ransomware Group
Safefood, an all-island agency dedicated to promoting food safety and healthy eating across Ireland, has fallen victim to a ransomware attack orchestrated by the Meow ransomware group. The attackers have announced the availability of over 200 GB of confidential data for purchase on their dark web leak site.
About Safefood
Established under the British-Irish Agreement Act of 1999, Safefood operates as a public health organization focused on enhancing awareness and knowledge regarding food safety and healthy eating. With headquarters in Cork and Dublin, Safefood collaborates closely with stakeholders in the food industry, academia, and public health sectors. The organization provides public education, conducts research, and offers independent assessments of the food supply. Safefood's initiatives include resources for schools and the general population to encourage healthy eating habits and safe food practices.
Attack Overview
The ransomware attack on Safefood has resulted in the theft of employee information, client details, document scans, financial records, and other confidential information. The attackers are selling this data for $3000, urging interested parties to click a "Buy" button and provide contact information for registration. The stolen data offers deep insights into the organization's operations and its impact on public health.
About Meow Ransomware Group
Meow Ransomware is a group that emerged in late 2022, associated with the Conti v2 ransomware variant. They resurfaced in late 2023 and have been highly active in 2024. The group primarily targets industries with sensitive data, such as healthcare and medical research. Meow Ransomware employs various infection methods, including phishing emails, exploit kits, Remote Desktop Protocol (RDP) vulnerabilities, and malvertising. Once a system is compromised, the ransomware encrypts files using a combination of the ChaCha20 and RSA-4096 algorithms.
Penetration Methods
Meow Ransomware likely penetrated Safefood's systems through one of their common infection methods. Given Safefood's extensive collaboration with various stakeholders and its public-facing educational resources, vulnerabilities could have been exploited through phishing emails or RDP vulnerabilities. The ransomware group leaves behind a ransom note named "readme.txt" that instructs victims to contact the group via email or Telegram to negotiate the ransom payment and retrieve their encrypted files.
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.