Podcasts
Safepay
Active Since
November 2024
Known Forum Aliases
N/A
Active Forum Accounts
N/A
Safepay was first discovered in late 2024 and have been seen abusing compromised credentials to eventually deploy ransomware ever since.
The ransomware strain used by the group has common traits with LockBit 3.0. The group also uses social engineering as an initial access vector.
Related Content
Videos
How can you identify ransomware operators targeting you on the dark web?
The Dark Web Hub
Vice Society [offline]
Vice Society stopped posting victims to its dark web leak site in June 2023 and went offline in December. Some security analysts note similarities in the TTPs of Vice Society and those used by Rhysida.
The Dark Web Hub
LockBit
LockBit was the most active ransomware group by number of listed victims on its dark web leak site in 2022 and 2023. In February 2024 its leak site was seized in Operation Cronos.
The Dark Web Hub
Cl0p
Cl0p is notable for its approach of using vulnerabilities in supply chain software to target multiple organizations, announcing them in a batch at a later date.
The Dark Web Hub
Akira
Akira appears to be a novel ransomware, written in C++, with versions targeted both at Windows machines and Linux operating systems. It has quickly become one of the most prolific ransomware groups.
The Dark Web Hub
BlackCat [offline]
The RaaS group BlackCat (also known as ALPHV or Noberus) is believed to include developers and money launderers from the former DarkSide ransomware group, most infamous for the Colonial Pipeline attack.
