BarNet, a specialist communications and infrastructure provider to barristers and legal practices, has been listed on the dark web leak site of the SafePay ransomware group, in an incident that is drawing close attention from cyber insurers and brokers focused on legal-sector risk.
The company delivers services including web hosting, high-speed internet, file-sharing, and the BarNet Jade case-tracking platform, which legal professionals use to search case law and legislation. SafePay has released material it claims was taken from BarNet’s systems, suggesting that at least part of the provider’s environment has been compromised.
According to Cyber Daily’s report, the leaked files appear to include financial statements, contract and legal documents, annexures, and personal records such as passport copies and CVs. A large portion of the exposed data appears to relate to a single individual and includes name, date of birth, contact information, passport and banking details, car insurance and vehicle registration information, and employment history.
SafePay, first observed in October 2024, has been associated with attacks on organisations in Australia, the UK, the US, Italy, New Zealand, Canada, Belgium, Brazil, Germany, Barbados, and Argentina. On its leak site, the group states that it does not operate on a ransomware-as-a-service model, declaring: “SafePay ransomware has never provided and does not provide the RaaS.”
The SafePay listing is one of several recent incidents involving legal-sector organisations. Another matter involving a separate ransomware group has affected a Western Australia family law firm. In October, Paterson & Dowding Family Lawyers confirmed a cyber incident after the Anubis ransomware group claimed it gained access to and leaked sensitive information from the firm. Paterson & Dowding said it identified unusual activity on its systems and brought in external specialists to investigate and contain the situation. A spokesperson told Cyber Daily: “As soon as we became aware of unusual activity on our system, we took immediate action to engage external experts, contain the incident, and commence an urgent investigation.”
The firm said a subset of personal information was accessed by an unauthorised third party and that some of that data has been published externally. “We will continue to support our clients and staff. We take the privacy of our clients and staff very seriously, and we sincerely apologise for any concern or inconvenience this incident has caused,” the spokesperson said.
Paterson & Dowding has reported the matter to the Office of the Australian Information Commissioner and the Australian Cyber Security Centre (ACSC) and is conducting an internal review to determine the scope of exposure.
The incidents are emerging against a backdrop of elevated ransomware activity in Australia and New Zealand. Research from Opentext Cybersecurity indicates that 40% of Australian organisations experienced at least one ransomware incident in the past year, with nearly half of those organisations targeted more than once. Separate survey data for Arctic Wolf shows that 85% of organisations across Australia and New Zealand reported at least one cyber incident over the same period, compared with a global average of 76%.
The Opentext research suggests that one-third of organisations struck by ransomware chose to pay, with 41% of those payments exceeding US$250,000. Arctic Wolf’s findings indicate that almost three-quarters of surveyed businesses in Australia and New Zealand have paid ransoms to avoid data leaks, with 91% using third-party negotiators but fewer than half securing a reduction in the ransom demand.
Some security leaders continue to argue against ransom payments, even as survey data shows that such payments remain common. Fortinet Australia chief security officer Glenn Maiden has urged organisations to “never ever pay the ransom.” Referring to reports that 66 companies have made payments to online extortion groups since May 2025, during a period of increased use of AI-enabled tools by attackers, Maiden told Sky News: “More often than not, the bad guys will leave you alone for x amount of time, then come back and hit you again.”
