SafePay: Email Bombs, Phone Scams And Really Big Ransoms
Barracuda Networks, Friday, July 25th, 2025
When it comes to choosing a brand name, 'SafePay' must be among the most boring of choices. It sounds more like a payment app than an organized crime group.
There are no dragons or bugs or heads full of snakes, but the group behind the brand is skilled and ruthless. SafePay has been making a name for itself with strong encryption, data exfiltration and big ransom demands from a fast-growing list of victims.
SafePay ransomware was first observed in October 2024, and later confirmed to have been active at least one month earlier. By the end of the first quarter of 2025, SafePay claimed over 200 victims, including managed service providers (MSPs) and small-to-midsize businesses (SMBs) across multiple sectors. The group has been relentless, claiming between 58-70 victims in May 2025, making it the most active ransomware group that month.