The safepay ransomware group has allegedly targeted a diverse set of companies from the United States and the United Kingdom, adding eight new victims to its dark web leak site. The public listing suggests that the threat actors have not only encrypted their systems but have also allegedly exfiltrated sensitive data, which they are now threatening to release. This multi-victim announcement highlights the broad, opportunistic approach taken by the ransomware group, impacting sectors ranging from healthcare and manufacturing to home electronics and construction.
The organizations recently listed by the safepay group include a variety of small to medium-sized enterprises that are crucial to their local economies and supply chains. The alleged victims are:
- 🇬🇧 Armour Home: A UK-based designer, manufacturer, and distributor of hi-fi, home-cinema, and audio solutions.
- 🇺🇸 Venetian Associates: A private investment firm based in Michigan that acquires consumer product and manufacturing companies.
- 🇺🇸 DrCloudEHR: A provider of cloud-hosted electronic health record (EHR) and practice management software for medical clinics.
- 🇺🇸 Slusarski: A Michigan-based sitework and paving contractor serving residential, commercial, and municipal projects.
- 🇺🇸 Alliance Steel: A North American flat-rolled steel service center that processes and distributes steel to various industries.
- 🇺🇸 Browne Group Inc.: A long-standing distributor of kitchenware and foodservice products with over 70 years in business.
- 🇬🇧 GOS Heating: A family-run heating, plumbing, and electrical contractor based in Preston, UK.
- 🇺🇸 Broward Institute of Orthopaedic Specialties (BIOS): A multi-physician orthopedic medical practice with locations in Florida.
By posting these companies on their leak site, the attackers employ a double-extortion tactic to pressure victims into paying a ransom. This method involves both encrypting files to disrupt operations and threatening to leak stolen data to cause reputational and financial damage. The varied nature of the targets underscores that organizations of all sizes and industries remain vulnerable to such cyber attacks. The claims of compromise have not yet been independently verified by the companies involved.
