New ransomware gang SafePay claims cyber attack on Microlise – 1.2TB of data stolen

This morning, new ransomware gang SafePay added UK IT company, Microlise, to its data leak site. It alleges to have stolen 1.2TB of data and is threatening to publish it in less than a day if ransom demands aren’t met.

This comes after Microlise and its clients (including DHL and Serco) suffered widespread disruption during a cyber attack that occurred on October 31. This week, Microlise also confirmed that hackers had exfiltrated data but that “no customer systems data was compromised.” However, “limited employee data” was impacted.

Microlise hasn’t yet confirmed whether a ransom was paid and/or demanded or how hackers infiltrated its systems. Comparitech has contacted the company for more information and will update this article if it responds.

Who is SafePay?

SafePay first appeared last month and has since added 25 victims to its data leak site–three of which have been confirmed. The group uses LockBit-based ransomware and appears to follow a double-extortion technique whereby a ransom is demanded to decrypt systems and delete stolen data.

Its other confirmed victims are Barbados Statistical Service (BSS) and German civil engineering company Fritz Spieth Beratende Ingenieure GmbH. BBS confirmed an attack in October 2024 that disrupted its systems while Fritz Spieth’s website continues to display a message about disrupted systems following a cyber attack.

SafePay’s other victims are from all over the world and a variety of industries, from manufacturers and schools to healthcare companies.

Ransomware attacks on IT companies

So far this year, we’ve tracked 33 attacks on IT companies around the world. The average ransom demand across these attacks has been nearly $4.7 million.

Some of the largest attacks have included ATSG, Inc. (US) with nearly 910,000 records breached after an October 2024 attack via BianLian, Young Consulting (US) with over 950,000 records affected after an April 2024 attack via BlackSuit, and CDK Global (US) which affected thousands of car dealers. The latter was also carried out by BlackSuit with CDK reportedly paying the hackers $25 million to have its systems restored.

As we’ve seen with this latest attack on Microlise, ransomware attacks on IT companies can have far-reaching consequences as key systems are crippled and numerous clients are impacted.

We have also tracked 295 unconfirmed attacks on the tech industry this year so far.

About Microlise

Based in Nottingham, England, Microlise is an IT company that specializes in fleet management, telematics, and supply chain management solutions for a number of clients including manufacturers and fleet operators.