May 2025 Malware Spotlight: Safepay Surges To The Forefront Of Cyber Threats
Check Point, Monday, June 9th, 2025
Cyber criminals are becoming more brazen, and this month, research highlights the rise of SafePay, a relatively new but increasingly active ransomware group that has quickly established itself as a key player in the cyber crime ecosystem.
Meanwhile, FakeUpdates remains a dominant force, continuing to impact global organizations at an alarming rate. The education sector remains the most targeted industry, illustrating persistent vulnerabilities across institutions.
SafePay Leads the Ransomware Group Rankings
SafePay, first identified in November 2024, has emerged as the most prevalent ransomware group this month. SafePay uses a double-extortion strategy: encrypting files while exfiltrating sensitive data to further pressure victims into paying ransoms. Notably, SafePay's malware includes a Cyrillic-language exclusion, suggesting possible ties to Russian-affiliated threat actors.