Dark Web Profile: SafePay Ransomware - SOCRadar® Cyber Intelligence Inc.

SafePay, a ransomware group active since September 2024, primarily targets North America and Western Europe, avoiding CIS countries. They use stolen credentials, phishing, and exploit vulnerabilities to gain access, then encrypt files and exfiltrate data for double extortion. Mitigation strategies include strong access controls, regular patching, and monitoring for credential abuse and unusual tool usage.