SafePay is a newly identified ransomware operator that targets organisations by exploiting vulnerabilities in VPNs.
SafePay employs a double extortion model, combining data encryption with the theft of sensitive information to coerce victims into paying ransoms.
The group deploys commonly available system administration and remote access tools to maintain persistence and facilitate further compromise within the network.
Enabling Multi-Factor Authentication (MFA) on VPNs and implementing Privileged Access Management (PAM) are crucial steps to defend against SafePay and similar threats.