Analysis of SafePay ransomware victims: new data from Flare to protect your IT infrastructure

In the world where cyber threats are constantly evolving, the emergence of new players like the SafePay group creates additional challenges for IT departments. The Flare team has conducted a detailed study of this group's victims to help organizations better understand the threat landscape and strengthen their security using Cyber Threat Intelligence.

Who is SafePay and who do they target

SafePay employs a double extortion model: they not only encrypt data but also threaten to leak it if the ransom is not paid. Flare's analysis shows that the attackers do not limit themselves to a single region, yet they have clear industry priorities.

Key characteristics of SafePay attacks

Geographic focus

• North America: Highest number of incidents (USA and Canada).
• Europe: Emphasis on developed economies in Western Europe.
• Asia-Pacific: Increasing number of attacks on financial hubs.

Target industries

• Business services: Law firms and consulting.
• Healthcare: Organizations with critical personal data.
• Manufacturing: Companies with low tolerance for downtime.

How Flare helps counter the threat

Solutions from Flare enable proactive identification of digital risks. Instead of reacting to the fact of encryption, the platform monitors darknet mentions of your company, the sale of stolen credentials, and vulnerabilities in the external perimeter.

Why choose Softprom

The Softprom company is an official distributor of Flare. We provide not only license supply but also full expert support, helping to integrate threat monitoring tools into your existing security system.