Skip to content

SafePay Is A ‘Highly Specialized’ Hacker Group With An Unusual Approach: Experts

Posted by: GuidePoint Security

< 1 min read

July 9, 2025 – Published on CRN

The threat actor linked to the disruptive ransomware attack against distribution giant Ingram Micro, SafePay, has taken an unusual approach to cyberattacks that makes the hacker group more formidable to defend against, cybersecurity experts told CRN.

Notably, SafePay has shunned the prevalent ransomware-as-a-service model—which divvies up the steps of a ransomware attack among various entities—and instead carries out all phases of a cyberattack on its own, according to the researchers.

There’s no question that an “insular” group that bypasses the ransomware-as-a-service (RaaS) model, such as SafePay, can be assumed to possess a higher level of skill and experience than the average cybercriminal organization, according to GuidePoint Security’s Jason Baker.

“RaaS has taken off and proven resilient because it breaks down those barriers to entry and it distributes the skill requirements,” said Baker, threat intelligence consultant at Reston, Va.-based GuidePoint, No. 37 on CRN’s Solution Provider 500 for 2025. “I would typically expect it to be harder and require more skill to [operate] an insular group than a simple RaaS outfit.”

Read More HERE.

Categories: Incident Response & Threat Intelligence
Tags:GRIT®ransomware

GuidePoint Security

GRIT Q2 2025 Ransomware & Cyber Threat Report Presentation
Watch our exclusive webinar on the GRIT Q2 Ransomware & Cyber Threat Report findings to gain expert insights into the ransomware economy.
Watch Now

Related Articles

View All

  • Incident Response & Threat Intelligence
GRIT Q2 2025 Ransomware & Cyber Threat Report Presentation
Read More < 1 min read
  • GRIT® Blog
Insights from the GRIT Q2 2025 Ransomware & Cyber Threat Report
Posted by: GuidePoint Security
Read More < 1 min read
  • GRIT® Blog
RansomSnub: RansomHub’s Affiliate Confusion
Posted by: Justin Timothy
Read More 4 min read