Ransomware

SafePay ransomware activity gains steam


More than 270 organizations have been targeted by the SafePay ransomware operation between January and August, with its 73 claimed hits in June making it the most active ransomware group during the month, reports GBHackers News.

Midsize and enterprise manufacturing, technology, healthcare, construction, education, research, and government entities have been primarily targeted by SafePay's attacks, which involve brute-force and VPN appliance compromise for initial access, network share enumeration, lateral movement via remote monitoring and management tools, data exfiltration, and ransomware delivery, according to Bitdefender's Threat Debrief report.

SafePay, which uses LockBit Black's ChaCha20 encryption algorithm but also uses unique symmetric keys for encrypted files, has mostly victimized organizations in the U.S., Germany, the UK, Canada, and Australia.

Increasingly aggressive attacks by SafePay ransomware necessitate a multi-layered defense strategy involving multi-factor authentication, stringent password policies, regular VPN and critical infrastructure patching, and the implementation of threat intelligence platforms, behavioral analysis tools, and continuous systems monitoring.
