How To Tackle This Emerging Ransomware Threat – Technologist

As a cyber security provider, we urge organisations to immediately protect themselves from SafePay, a newly identified ransomware operator with advanced capabilities. SafePay has been actively targeting organisations across industries, exploiting weaknesses in VPNs to infiltrate networks and deploy ransomware at alarming speed. Protecting your business's data is essential, so we recommend enabling multi-factor authentication (MFA) on VPNs to reduce the chances of your business falling victim to a cyber attack.

SafePay: A Dangerous Adversary

According to research, SafePay employs a double extortion model, combining data encryption with the theft of sensitive information to coerce victims into paying ransoms. The group maintains a presence on the dark web and the TON network, which it uses to communicate with victims and publicise stolen data, further pressuring businesses to comply with its demands.

SafePay’s Attack Pattern

SafePay initiates its attacks by exploiting vulnerabilities in VPN implementations, often using brute force attacks to gain initial access. This is another reason why Neuways cyber security experts suggest using MFA on your VPN, regardless of where you are. Once inside a network, the group deploys commonly available system administration and remote access tools to maintain persistence and facilitate further compromise. They then move laterally across the network, leveraging compromised administrator credentials to traverse systems. Finally, SafePay deploys its ransomware using unique techniques, such as domain controller registry modifications, to ensure rapid and widespread encryption.

What distinguishes SafePay from other ransomware groups is its speed. While the industry average for ransomware deployment in 2024 spans several days, SafePay can progress from initial access to full ransomware deployment in under 24 hours, underscoring the importance of rapid detection and response.

Protect Your Organisation with Multi-Factor Authentication

Enabling Multi-Factor Authentication (MFA) on all VPNs is essential to defend against SafePay and similar threats, as it significantly reduces the risk of a brute-force attack succeeding. Monitoring for unauthorised remote access tools and unusual activity within your network is another critical step in identifying potential intrusions early. Additionally, implementing Privileged Access Management (PAM) ensures that administrative privileges are tightly controlled, limiting the ability of attackers to move laterally within your systems.

Organisations should also deploy rapid detection and response capabilities to identify and isolate threats quickly. Regular audits of domain controller configurations can uncover potential vulnerabilities and help strengthen overall defences.
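
The monitoring advice above, applied to the brute-force entry point described earlier, as an added example that is not part of the original article: it scans VPN authentication logs for a burst of failed logins from one source address and raises a separate, higher-priority alert when that same source then logs in successfully. The log format, field names, threshold and time window are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical VPN gateway auth-log format.
SAMPLE_LOG = """\
2024-11-02T03:10:01Z vpn-auth result=FAIL user=admin src=203.0.113.7
2024-11-02T03:10:03Z vpn-auth result=FAIL user=svc_backup src=203.0.113.7
2024-11-02T03:10:05Z vpn-auth result=FAIL user=jsmith src=203.0.113.7
2024-11-02T03:10:08Z vpn-auth result=FAIL user=jsmith src=203.0.113.7
2024-11-02T03:10:09Z vpn-session event=keepalive src=203.0.113.7
2024-11-02T03:10:11Z vpn-auth result=FAIL user=jsmith src=203.0.113.7
2024-11-02T03:10:15Z vpn-auth result=OK user=jsmith src=203.0.113.7
2024-11-02T08:59:40Z vpn-auth result=FAIL user=akhan src=198.51.100.20
2024-11-02T09:00:02Z vpn-auth result=OK user=akhan src=198.51.100.20
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) vpn-auth result=(?P<result>FAIL|OK) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$")

def find_bruteforce(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return (kind, src, user, timestamp) alerts, in log order."""
    failures = defaultdict(deque)  # src -> timestamps of failures inside the window
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an authentication event; ignore
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        recent = failures[m["src"]]
        while recent and ts - recent[0] > window:
            recent.popleft()  # drop failures that have aged out of the window
        if m["result"] == "FAIL":
            recent.append(ts)
            if len(recent) == threshold:  # alert once, when the burst crosses the line
                alerts.append(("BRUTE_FORCE", m["src"], m["user"], m["ts"]))
        elif len(recent) >= threshold:
            # A login that follows a failure burst is the event to isolate first.
            alerts.append(("SUCCESS_AFTER_BRUTE_FORCE", m["src"], m["user"], m["ts"]))
            recent.clear()
    return alerts

if __name__ == "__main__":
    for alert in find_bruteforce(SAMPLE_LOG):
        print(*alert)
```

A single mistyped password followed by a successful login, as in the last two sample lines, produces no alert.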

Stay Vigilant and Stay Aware – Use MFA on Your VPN

SafePay’s operations highlight the critical importance of a proactive and comprehensive cyber defence strategy. By adopting robust security measures such as MFA and staying alert to emerging threats, organisations can significantly reduce their risk of falling victim to ransomware attacks.

If you have concerns about your VPN security or need support strengthening your cyber defences, contact us to learn how we can help protect your business.
