Ransomware Group

safepay

SafePay emerged in September 2024 as a rapidly growing ransomware operation that explicitly disavows the RaaS model and manages all operations internally, claiming over 300 victims worldwide by mid-2025 with a high-profile early attack against UK telematics firm Microlise stealing 1.2 TB of data.

502 Known Victims

Threat Level

CRITICAL

Known Infrastructure

The following Tor hidden services have been associated with this group:

j3dp6okmaklajrsk6zljl5sfa2vpui7j2w6cwmhmmqhab6frdfbphhid.onion
nj5qix45sxnl4h4og6hcgwengg2oqloj3c2rhc6dpwiofx3jbivcs6qd.onion
safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion
nz4z6ruzcekriti5cjjiiylzvrmysyqwibxztk6voem4trtx7gstpjid.onion
cqkrkmmivhakl3fwgxscurduu3znmroablt7jskxszkctixyseij5gad.onion

⚠️ Warning: These are malicious sites. Do not visit without proper security measures.

Check If You're Affected

Search our database to see if your organization appears in safepay's victim list.

Try It NowFree

Try:|

Get instant threat analysis with risk scores, threat categories, and detailed reports.

Other Active Ransomware Groups

Lockbit Blackcat Cl0p Play Bianlian Akira Medusa Rhysida