Safepay Strikes Again: Ransomware Surge Hits Diverse Global Businesses
Subtitle: A notorious cybercrime gang unleashes a fresh wave of digital extortion, targeting organizations across industries and borders.
It was just another quiet day for many small and mid-sized businesses-until Safepay, an increasingly infamous ransomware group, broke the silence with a coordinated series of attacks. Among their latest victims: financial coach Debra L. Morrison, a UK heating company, an Italian design studio, a US CPA firm, and several others. As the digital dust settles, questions mount: how did Safepay orchestrate such a wide-reaching assault, and what does this mean for organizations everywhere?
Fast Facts
- Safepay ransomware group published at least 7 new victims on December 27, 2025.
- Targets include debralmorrison.com, heatcel.co.uk, studioelad.it, hmpccpa.com, vanvenrooy.com, inpipeproducts.com, and larosadelmonte.com.
- Victims span sectors such as finance, consulting, manufacturing, and logistics.
- Discovery and initial reporting credited to the cyber threat tracking site ransomware.live.
- No evidence yet of public data leaks, but extortion tactics commonly include threatening to release stolen information.
The latest campaign by Safepay underscores a chilling reality: ransomware gangs are no longer content with targeting just big corporations. Their victim list reads like a cross-section of the modern economy, from financial advice websites to industrial suppliers. The group’s operations are slick and methodical, with each victim’s domain and DNS records listed on their leak site - a digital “wanted poster” designed to pressure organizations into paying up.
What sets this incident apart is the sheer diversity of Safepay’s chosen targets. Debra L. Morrison, for instance, runs a professional coaching and financial education practice-hardly a multinational giant. Similarly, heatcel.co.uk and studioelad.it represent the kinds of regional businesses that often lack the robust cyber defenses of larger enterprises. The inclusion of hmpccpa.com, a certified public accounting firm, and logistics-related companies like vanvenrooy.com and larosadelmonte.com, illustrates the group’s indiscriminate approach.
Ransomware attacks typically begin with a phishing email, compromised credentials, or vulnerabilities in exposed systems. Once inside, the attackers encrypt sensitive files and demand payment-usually in cryptocurrency. Increasingly, groups like Safepay threaten to leak or auction stolen data if victims refuse to comply, leveraging maximum psychological and reputational pressure.
According to ransomware.live, a platform that monitors ransomware disclosures, all attacks in this latest cluster were discovered and published on December 27, 2025. While the site emphasizes it does not distribute stolen data, its listings provide a valuable early warning for the cyber security community.
For the organizations impacted, the road ahead is fraught with uncertainty. Recovery can take weeks or months, and reputational damage often lingers long after systems are restored. Meanwhile, Safepay’s growing hit list is a stark warning to businesses of every size: no one is too small-or too niche-to be targeted.
As ransomware groups like Safepay continue to refine their tactics, the need for vigilance, robust backups, and cyber resilience has never been greater. In the digital age, the next victim could be anyone.
WIKICROOK
- Ransomware: Ransomware is malicious software that encrypts or locks data, demanding payment from victims to restore access to their files or systems.
- DNS Records: DNS records are digital instructions that direct internet traffic to the right servers, ensuring websites and services are accessible and secure.
- Phishing: Phishing is a cybercrime where attackers send fake messages to trick users into revealing sensitive data or clicking malicious links.
- Extortion Tactics: Extortion tactics are methods used by cybercriminals to pressure victims into paying money or meeting demands by threatening to release sensitive information.
- Cyber Resilience: Cyber resilience is the ability of systems to resist, adapt to, and quickly recover from cyberattacks or digital disruptions.




