
Latest news with #Safepay

Hackers Threaten To Publish 3.5 TB Of Stolen Data In 24 Hours

Forbes

17 hours ago


There are two cybersecurity threats that we seem unable to escape from of late: ransomware and data breaches. A recent analysis of more than 1,297 breaches revealed that data breaches increasingly drive ransomware attacks. Although there is the odd anomaly, such as the cybercriminals who threaten to permanently destroy data, the vast majority of ransomware attacks are now more focused on stealing data and using it to extort the victims than ever. "Ransomware tactics continue to evolve, with the growing shift toward extortion over encryption as a clear example," Deepen Desai, Cybersecurity executive vice president at Zscaler, told me just this week. If you want an example of this, look no further than the Safepay ransomware hackers who have given Ingram Micro until August 1 to pay a ransom or face the publication, the group says, of 3.5 TB of stolen data. Here's what you need to know.

Safepay Hackers Threaten To Publish 3.5 TB Of Allegedly Stolen Ingram Micro Data

Safepay is a group of ransomware hackers that first burst onto the cybercrime scene in 2024, successfully targeting at least 20 organizations. It has been reported that the group appears to 'share a lot of similarities with the LockBit ransomware family,' and, as such, could be a splinter group or rebranding of the notorious threat actors. What is much clearer, however, is that like most modern ransomware threats, Safepay favors double extortion involving not only encrypting systems but holding stolen data to ransom.

On July 5, Ingram Micro, a global information technology services giant, confirmed that it had been a victim of a ransomware attack. Stating that it had 'recently identified ransomware on certain of its internal systems,' Ingram Micro said it had taken 'steps to secure the relevant environment, including proactively taking certain systems offline and implementing other mitigation measures.'

What has been less clear, however, is what, if any, data was stolen during this attack. Updates from the company have said that it is continuing to investigate 'the scope of the incident and affected data,' but the company had not responded to my request for a further statement at the time of publication.

The Safepay hackers claiming responsibility, however, have been more vocal. It has now been reported that the ransomware actors have a countdown clock running on their data leak site that gives August 1 as the deadline before 3.5 TB of alleged Ingram Micro stolen data will be published.

"This is a tactic threat actors use to place more pressure on victims, hoping to encourage them into paying," Peter King, principal consultant at Acumen Cyber, said, adding that "given the notice is still up on Safepay's leak site, this suggests Ingram Micro hasn't opted to pay."

"Organizations can protect against SafePay and similar types of ransomware attacks by placing strict access controls on their systems, strong authentication like multi-factor authentication," Chris Hauk, a consumer privacy champion at Pixel Privacy, advised, "monitoring for newly discovered vulnerabilities, and implementing secure VPN connections to provide remote access."

This is a developing story, and I will update it as more information, from the hackers or Ingram Micro, is forthcoming.

Retail ransomware attacks surge 40% as Safepay tops threats

Techday NZ

26-06-2025


Ransomware attacks targeting the retail sector increased by 40% in May compared to April, according to findings released by NCC Group. The research noted that global ransomware activity decreased by 6% in May, with 393 attacks recorded worldwide. This marked the third consecutive month of decline following elevated attack volumes earlier in 2025. However, security analysts warn that a reduction in numbers does not equate to a lowering of risk amid shifting cybercriminal tactics and ongoing geopolitical tensions.

Retail under pressure

While the industrial sector continued to experience the highest level of ransomware targeting—comprising 30% of reported cases in May, or 118 incidents—the consumer discretionary sector, including retail, saw a notable surge. Retail-related attacks rose from 73 in April to 102 in May. The report attributes this increase to the appeal of high-value targets in the sector, driven by the disruption of payment systems, access to consumer data, and prospects for substantial ransom payments.

Several high-profile retailers were reportedly targeted during the period, including Victoria's Secret, Adidas, Cartier, and Peter Green Chilled. In addition, the group known as Scattered Spider claimed responsibility for attacks on Marks & Spencer and the Co-op during May. Observers from Google Threat Intelligence Group and Mandiant have noted a shift in Scattered Spider's focus toward the US retail sector, where the abundance of large companies increases the field of potential victims. Despite difficulties in precisely attributing individual attacks to Scattered Spider, the group's techniques were observed in several US-based incidents.

Safepay rises to prominence

Safepay accounted for 18% of all recorded ransomware attacks in May, making it the most active threat actor of the month with 70 reported incidents. NCC Group described this as the first occasion Safepay has appeared among the top ten most prolific threat groups since becoming active in November 2024. Researchers noted suggestions within the security community that Safepay could represent a rebranding of other prominent groups such as LockBit, ALPHV, or INC Ransomware. If correct, this would shed light on the rapid rise in activity and the group's apparent capacity and sophistication.

Other observed trends included the Play gang moving up to second place with 44 attacks, an increase from its previous ranking, and Qilin dropping to third position with 42 incidents. Akira, which led in April, experienced a 46% decline in reported cases, falling to 35 attacks in May.

Regional focus: North America and Europe

The report found that most ransomware activity remained concentrated in North America, which accounted for 50% of all incidents, or 193 attacks. Europe experienced 29% of attacks (112), with Asia comprising 13% (49) and South America recording 4% (17). In total, North America and Europe represented 79% of global ransomware cases.

AI and prompt injection risks

The study also addressed an emerging trend: the vulnerability of artificial intelligence systems to prompt injection attacks. As large language models are more widely adopted across sectors such as healthcare and finance, threat actors have begun to exploit weaknesses using carefully crafted prompts to bypass standard security controls, access sensitive data, or manipulate AI outputs.

According to NCC Group, 56% of AI models tested displayed susceptibility to prompt injection attacks. Current defensive measures, such as input validation and monitoring, face challenges in keeping pace with increasingly sophisticated attack methods. Suggestions for strengthening defences include adversarial training, advanced detection, secure memory management, and human-AI oversight. Regulatory bodies are urged to develop best practice guidelines for AI system security.

Matt Hull, Global Head of Threat Intelligence at NCC Group, said: "Although reported ransomware incidents declined in March, April, and May, cyber security efforts must be strengthened, not scaled back. Seasonal fluctuations, with summer approaching, may partly explain the dip. However, the rise of new threat actors like Safepay and the emergence of critical vulnerabilities in AI highlight the ongoing volatility of the ransomware landscape. This underscores the need for sustained cyber investment across both industry sectors and national defence. The focus on the UK's retail sector has shone a light on why cyber security is integral to business resilience.

"On a broader level, rising global instability, ongoing tensions between the US and China, and evolving alliances are all contributing to threat levels. Trump's involvement in the Middle East could spur deeper collaboration in advanced technologies between the US and Gulf nations, and new efforts to strengthen UK-EU relations could make involved organisations prime targets for espionage by state-sponsored adversaries. With these factors in play, cyber threats remain a persistent and evolving risk."
