<style>/*<link href='https://www.blogger.com/dyn-css/authorization.css?targetBlogID=5925999397593177003&zx=e12399ec-5e88-4aaf-9331-9d5e4422d5e2' media='none' onload='if(media!='all')media='all'' rel='stylesheet'/><noscript><link href='https://www.blogger.com/dyn-css/authorization.css?targetBlogID=5925999397593177003&zx=e12399ec-5e88-4aaf-9331-9d5e4422d5e2' rel='stylesheet'/></noscript>
<meta name='google-adsense-platform-account' content='ca-host-pub-1556223355139109'/>
<meta name='google-adsense-platform-domain' content='blogspot.com'/>

<script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2460228594947362&host=ca-host-pub-1556223355139109" crossorigin="anonymous"></script>

<!-- data-ad-client=ca-pub-2460228594947362 -->

</head><body>*/</style>

Inside SafePay: Analyzing the New Centralized Ransomware Group

Sp123

7 Jan, 2026

Introduction to Malware Binary Triage (IMBT) Course

Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.

In late 2024 and throughout 2025, a sophisticated ransomware group known as SafePay emerged, rapidly escalating its operations to become a significant global threat. Unlike the dominant Ransomware-as-a-Service (RaaS) models, SafePay operates as a centralized, closed group, maintaining strict control over its infrastructure, negotiations, and profits. This operational security (OPSEC) strategy minimizes the risk of code leaks and law enforcement infiltration that plagued predecessors like LockBit and ALPHV [1].

Article Link: Inside SafePay: Analyzing the New Centralized Ransomware Group

1 post - 1 participant

Read full topic

Malware Analysis, News and Indicators - Latest topics

Sp123

"An underestimated security threat to organizations is employee apathy and burn out.‌‌"

<style>/*
<script type="text/javascript" src="https://www.blogger.com/static/v1/widgets/1350801215-widgets.js"></script>
<script type='text/javascript'>
window['__wavt'] = 'AOuZoY4xktgpuk3ISiaFKm88mVn5shyJjw:1768002621159';_WidgetManager._Init('//www.blogger.com/rearrange?blogID\x3d5925999397593177003','//www.sharitsec.eu.org/2026/01/inside-safepay-analyzing-new.html','5925999397593177003');
_WidgetManager._SetDataContext([{'name': 'blog', 'data': {'blogId': '5925999397593177003', 'title': 'SharITSec', 'url': 'https://www.sharitsec.eu.org/2026/01/inside-safepay-analyzing-new.html', 'canonicalUrl': 'https://www.sharitsec.eu.org/2026/01/inside-safepay-analyzing-new.html', 'homepageUrl': 'https://www.sharitsec.eu.org/', 'searchUrl': 'https://www.sharitsec.eu.org/search', 'canonicalHomepageUrl': 'https://www.sharitsec.eu.org/', 'blogspotFaviconUrl': 'https://www.sharitsec.eu.org/favicon.ico', 'bloggerUrl': 'https://www.blogger.com', 'hasCustomDomain': true, 'httpsEnabled': true, 'enabledCommentProfileImages': true, 'gPlusViewType': 'FILTERED_POSTMOD', 'adultContent': false, 'analyticsAccountNumber': '', 'encoding': 'UTF-8', 'locale': 'en-GB', 'localeUnderscoreDelimited': 'en_gb', 'languageDirection': 'ltr', 'isPrivate': false, 'isMobile': false, 'isMobileRequest': false, 'mobileClass': '', 'isPrivateBlog': false, 'isDynamicViewsAvailable': true, 'feedLinks': '\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22SharITSec - Atom\x22 href\x3d\x22https://www.sharitsec.eu.org/feeds/posts/default\x22 /\x3e\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/rss+xml\x22 title\x3d\x22SharITSec - RSS\x22 href\x3d\x22https://www.sharitsec.eu.org/feeds/posts/default?alt\x3drss\x22 /\x3e\n\x3clink rel\x3d\x22service.post\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22SharITSec - Atom\x22 href\x3d\x22https://www.blogger.com/feeds/5925999397593177003/posts/default\x22 /\x3e\n\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22SharITSec - Atom\x22 href\x3d\x22https://www.sharitsec.eu.org/feeds/8869229539850475532/comments/default\x22 /\x3e\n', 'meTag': '', 'adsenseClientId': 'ca-pub-2460228594947362', 'adsenseHostId': 'ca-host-pub-1556223355139109', 'adsenseHasAds': true, 'adsenseAutoAds': true, 'boqCommentIframeForm': true, 'loginRedirectParam': '', 'view': '', 'dynamicViewsCommentsSrc': '//www.blogblog.com/dynamicviews/4224c15c4e7c9321/js/comments.js', 'dynamicViewsScriptSrc': '//www.blogblog.com/dynamicviews/617ee3b89bd337b4', 'plusOneApiSrc': 'https://apis.google.com/js/platform.js', 'disableGComments': true, 'interstitialAccepted': false, 'sharing': {'platforms': [{'name': 'Get link', 'key': 'link', 'shareMessage': 'Get link', 'target': ''}, {'name': 'Facebook', 'key': 'facebook', 'shareMessage': 'Share to Facebook', 'target': 'facebook'}, {'name': 'BlogThis!', 'key': 'blogThis', 'shareMessage': 'BlogThis!', 'target': 'blog'}, {'name': 'X', 'key': 'twitter', 'shareMessage': 'Share to X', 'target': 'twitter'}, {'name': 'Pinterest', 'key': 'pinterest', 'shareMessage': 'Share to Pinterest', 'target': 'pinterest'}, {'name': 'Email', 'key': 'email', 'shareMessage': 'Email', 'target': 'email'}], 'disableGooglePlus': true, 'googlePlusShareButtonWidth': 0, 'googlePlusBootstrap': '\x3cscript type\x3d\x22text/javascript\x22\x3ewindow.___gcfg \x3d {\x27lang\x27: \x27en_GB\x27};\x3c/script\x3e'}, 'hasCustomJumpLinkMessage': false, 'jumpLinkMessage': 'Read more', 'pageType': 'item', 'postId': '8869229539850475532', 'postImageUrl': 'https://www.picussecurity.com/hubfs/picus-threat-research-Inside-SafePay-Ransomware-Group-preview.png', 'pageName': 'Inside SafePay: Analyzing the New Centralized Ransomware Group', 'pageTitle': 'SharITSec: Inside SafePay: Analyzing the New Centralized Ransomware Group', 'metaDescription': ''}}, {'name': 'features', 'data': {}}, {'name': 'messages', 'data': {'edit': 'Edit', 'linkCopiedToClipboard': 'Link copied to clipboard', 'ok': 'Ok', 'postLink': 'Post link'}}, {'name': 'template', 'data': {'name': 'custom', 'localizedName': 'Custom', 'isResponsive': true, 'isAlternateRendering': false, 'isCustom': true}}, {'name': 'view', 'data': {'classic': {'name': 'classic', 'url': '?view\x3dclassic'}, 'flipcard': {'name': 'flipcard', 'url': '?view\x3dflipcard'}, 'magazine': {'name': 'magazine', 'url': '?view\x3dmagazine'}, 'mosaic': {'name': 'mosaic', 'url': '?view\x3dmosaic'}, 'sidebar': {'name': 'sidebar', 'url': '?view\x3dsidebar'}, 'snapshot': {'name': 'snapshot', 'url': '?view\x3dsnapshot'}, 'timeslide': {'name': 'timeslide', 'url': '?view\x3dtimeslide'}, 'isMobile': false, 'title': 'Inside SafePay: Analyzing the New Centralized Ransomware Group', 'description': 'Welcome to the website \x22sharitsec.eu.org\x22 a gathering place for information and learning news about hacking.', 'featuredImage': 'https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_sYtuGMbrBzikWYuQ3tzmu9yh50riGMFHX268kWgc-BZ7ROpYHw1C5EeaVoOVWILEZNJs8Th4eHFg97t5WCdVK8F1XgYd45ci-WNOGuaYL505p1zCujNacyLly6g-XpLy7JvXth0ef9KauYWDfgnTN5a5w3hujmpNDtDfnyNy1a6teOjdUG4xw4', 'url': 'https://www.sharitsec.eu.org/2026/01/inside-safepay-analyzing-new.html', 'type': 'item', 'isSingleItem': true, 'isMultipleItems': false, 'isError': false, 'isPage': false, 'isPost': true, 'isHomepage': false, 'isArchive': false, 'isLabelSearch': false, 'postId': 8869229539850475532}}, {'name': 'widgets', 'data': [{'title': 'Pagination', 'type': 'HTML', 'sectionId': 'upload-image', 'id': 'HTML8'}, {'title': 'Template License', 'type': 'HTML', 'sectionId': 'upload-image', 'id': 'HTML7'}, {'title': 'Popular', 'type': 'PopularPosts', 'sectionId': 'upload-image', 'id': 'PopularPosts1', 'posts': [{'title': 'Top 10 Deep Web and Dark Web Forums', 'id': 1342649630186364928}, {'title': 'What is Threat Detection, Investigation \x26 Response (TDIR)', 'id': 5135130421871089131}, {'title': 'Phantom 3.5: Initial Vector Analysis \x26 Forensics', 'id': 3983142572185867699}]}, {'title': 'Your Css', 'type': 'HTML', 'sectionId': 'upload-image', 'id': 'HTML9'}, {'title': 'About Me', 'type': 'Profile', 'sectionId': 'upload-image', 'id': 'Profile1'}, {'title': 'Your Javascript', 'type': 'HTML', 'sectionId': 'upload-image', 'id': 'HTML6'}, {'title': 'Google analytics', 'type': 'HTML', 'sectionId': 'upload-image', 'id': 'HTML5'}, {'title': 'Navbar Menu', 'type': 'HTML', 'sectionId': 'upload-image', 'id': 'HTML2'}, {'title': 'Icons, Dark, Search', 'type': 'LinkList', 'sectionId': 'header-main', 'id': 'LinkList10'}, {'title': 'Menu', 'type': 'LinkList', 'sectionId': 'header-main', 'id': 'LinkList11'}, {'title': 'Featured Post', 'type': 'FeaturedPost', 'sectionId': 'before-blog', 'id': 'FeaturedPost1', 'postId': '1957529926319578715'}, {'title': 'Blog Posts', 'type': 'Blog', 'sectionId': 'blog-post', 'id': 'Blog1', 'posts': [{'id': '8869229539850475532', 'title': 'Inside SafePay: Analyzing the New Centralized Ransomware Group', 'featuredImage': 'https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_sYtuGMbrBzikWYuQ3tzmu9yh50riGMFHX268kWgc-BZ7ROpYHw1C5EeaVoOVWILEZNJs8Th4eHFg97t5WCdVK8F1XgYd45ci-WNOGuaYL505p1zCujNacyLly6g-XpLy7JvXth0ef9KauYWDfgnTN5a5w3hujmpNDtDfnyNy1a6teOjdUG4xw4', 'showInlineAds': false}], 'headerByline': {'regionName': 'header1', 'items': [{'name': 'author', 'label': 'Posted by'}, {'name': 'timestamp', 'label': 'd MMM, yyyy'}, {'name': 'share', 'label': ''}]}, 'footerBylines': [{'regionName': 'footer2', 'items': [{'name': 'labels', 'label': 'Labels:'}]}], 'allBylineItems': [{'name': 'author', 'label': 'Posted by'}, {'name': 'timestamp', 'label': 'd MMM, yyyy'}, {'name': 'share', 'label': ''}, {'name': 'labels', 'label': 'Labels:'}]}, {'title': '#You may also like', 'type': 'HTML', 'sectionId': 'ads-post', 'id': 'HTML15'}, {'title': 'Popular Posts', 'type': 'PopularPosts', 'sectionId': 'sidebar-static', 'id': 'PopularPosts10', 'posts': [{'title': 'A week in security (December 29 \u2013 January 4)', 'id': 598929235825986448}, {'title': '\ubd81\ud55c \uae40\uc218\ud0a4(Kimsuky) VBScript \uc81c\uc791\ub41c \uc545\uc131\ucf54\ub4dc-1.vba', 'id': 1471464022735495018}, {'title': 'Reminder: Survey on threats experienced by journalists and security researchers', 'id': 2188170936003970234}, {'title': 'Telegram Hit by a DDoS Attack: What Is the Cause Behind It?', 'id': 6074314729357274387}, {'title': 'Shoppers Can Now Make Once-Restricted Purchases At Grocery Stores Under New Law', 'id': 3065443775941767324}, {'title': 'Amazon to Issue Refund Checks After Record $2.5 Billion Prime Settlement', 'id': 5144400052847683313}, {'title': 'DarkSpectre Browser Extension Campaigns Expose 8.8 Million Users to Corporate Espionage', 'id': 939720260342050839}, {'title': '1/5/26 10:04 am', 'id': 3297675924692726591}, {'title': '34 arrests in Spain during action against the \u2018Black Axe\u2019 criminal organisation', 'id': 4375866297432067073}, {'title': 'New ransomware tactics to watch out for in 2026', 'id': 6142829274996052297}]}, {'title': 'Archive', 'type': 'BlogArchive', 'sectionId': 'sidebar-static', 'id': 'BlogArchive10'}, {'title': '#Recent Post', 'type': 'HTML', 'sectionId': 'sidebar-static', 'id': 'HTML19'}, {'title': 'Copyright', 'type': 'HTML', 'sectionId': 'copyright', 'id': 'HTML23'}, {'title': 'SVG Icons', 'type': 'HTML', 'sectionId': 'jet-options', 'id': 'HTML24'}]}]);
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML8', 'upload-image', document.getElementById('HTML8'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML7', 'upload-image', document.getElementById('HTML7'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_PopularPostsView', new _WidgetInfo('PopularPosts1', 'upload-image', document.getElementById('PopularPosts1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML9', 'upload-image', document.getElementById('HTML9'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_ProfileView', new _WidgetInfo('Profile1', 'upload-image', document.getElementById('Profile1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML6', 'upload-image', document.getElementById('HTML6'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML5', 'upload-image', document.getElementById('HTML5'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML2', 'upload-image', document.getElementById('HTML2'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList10', 'header-main', document.getElementById('LinkList10'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList11', 'header-main', document.getElementById('LinkList11'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_FeaturedPostView', new _WidgetInfo('FeaturedPost1', 'before-blog', document.getElementById('FeaturedPost1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_BlogView', new _WidgetInfo('Blog1', 'blog-post', document.getElementById('Blog1'), {'cmtInteractionsEnabled': false, 'lightboxEnabled': true, 'lightboxModuleUrl': 'https://www.blogger.com/static/v1/jsbin/2383197431-lbx__en_gb.js', 'lightboxCssUrl': 'https://www.blogger.com/static/v1/v-css/828616780-lightbox_bundle.css'}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML15', 'ads-post', document.getElementById('HTML15'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_PopularPostsView', new _WidgetInfo('PopularPosts10', 'sidebar-static', document.getElementById('PopularPosts10'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_BlogArchiveView', new _WidgetInfo('BlogArchive10', 'sidebar-static', document.getElementById('BlogArchive10'), {'languageDirection': 'ltr', 'loadingMessage': 'Loading\x26hellip;'}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML19', 'sidebar-static', document.getElementById('HTML19'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML23', 'copyright', document.getElementById('HTML23'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML24', 'jet-options', document.getElementById('HTML24'), {}, 'displayModeFull'));
</script>
</body>*/</style>