**Ransomware Group SafePay Targets Australian Legal Tech Firm BarNet, Leaks Sensitive Data**
A ransomware group known as SafePay has claimed responsibility for a cyberattack on BarNet, an Australian communications management firm specializing in legal services, including its BarNet Jade case tracking platform. The group listed BarNet on its dark web leak site last week and has since released stolen data, which includes financial statements, legal documents, contract files, passport scans, CVs, and personal records—primarily belonging to a single individual. Exposed details encompass names, birth dates, email addresses, phone numbers, banking information, car registration, and employment history.
SafePay, a relatively new ransomware operation first observed in October 2024, has targeted businesses across Australia, the U.S., the U.K., Italy, New Zealand, and several other countries. Unlike many ransomware groups, SafePay claims it does not operate as a ransomware-as-a-service (RaaS) model. Its recent victims include BECKS Group Australia, a high-end jeweler, which confirmed a breach last week after SafePay threatened to leak stolen data. BECKS stated it had notified authorities, including the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner (OAIC), and acknowledged that some data was likely compromised.
BarNet has not yet publicly responded to the incident. The attack highlights the growing threat posed by emerging ransomware groups to specialized service providers handling sensitive legal and financial data.
Open Law cybersecurity rating report: https://www.rankiteo.com/company/open-laworgau
"id": "OPE1765404216",
"linkid": "open-laworgau",
"type": "Ransomware",
"date": "12/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Legal technology, communications '
'management',
'location': 'Australia',
'name': 'BarNet',
'type': 'Company'}],
'data_breach': {'data_exfiltration': 'Yes',
'file_types_exposed': ['PDF', 'DOCX', 'Scans (JPEG/PNG)'],
'personally_identifiable_information': 'Name, birth date, '
'email addresses, '
'phone numbers, '
'passport details, job '
'history',
'sensitivity_of_data': 'High (PII, financial, legal)',
'type_of_data_compromised': ['Financial statements',
'Contract documents',
'Legal documents',
'Passport scans',
'CVs',
'Personally identifiable '
'information (PII)',
'Banking details']},
'description': 'A ransomware group called SafePay listed BarNet on its dark '
'web leak site, alleging data theft from the company’s '
'network. The leaked data includes financial statements, '
'contract documents, legal documents, passport scans, CVs, and '
'personal information such as name, birth date, email '
'addresses, phone numbers, passport details, financial banking '
'details, and job history.',
'impact': {'brand_reputation_impact': 'Likely significant due to data '
'exposure',
'data_compromised': 'Financial statements, contract documents, '
'legal documents, passport scans, CVs, '
'personal documents (PII, banking details, job '
'history)',
'identity_theft_risk': 'High (PII and financial data exposed)',
'legal_liabilities': 'Potential under privacy regulations',
'payment_information_risk': 'High (banking details exposed)'},
'investigation_status': 'Ongoing',
'motivation': 'Financial gain (ransom demand)',
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'SafePay'},
'references': [{'source': 'Cyber Daily'}],
'regulatory_compliance': {'regulations_violated': ['Potentially Australian '
'Privacy Act (if PII '
'exposed)']},
'threat_actor': 'SafePay',
'title': 'SafePay Ransomware Attack on BarNet',
'type': 'Ransomware'}