Unsafe, UnsafeLeaks, or Unsafe (Security) Blog, is not a ransomware group. You won't find details about encryption types, ransom notes, file extensions, or any samples. Instead, Unsafe is a data broker group that acts as a middleman between those seeking to buy data and ransomware groups who stole the data in the first place. Thus, the victims below could be found in other ransomware group's victim lists. According to JUMPSEC, this group is believed to have used data stolen from REvil and ALPHV (BlackCat). Furthermore, the individual(s) behind this operation use unorthodox blackmailing attempts, such as displaying explicit photos of organization employees. As middlemen, they negotiate the sale of the data for an unknown fee, which is how they make their money.
Known Victims(13)
| Industry Sector | Country | Extortion Date | Amount (USD) |
|---|---|---|---|
| Energy | United States | ||
| Education | United States | ||
| Transportation | Austria | ||
| Manufacturing | United States | ||
| Aerospace & Aviation | Switzerland | ||
| Automotive | France | ||
| Hospitality | Kuwait | ||
| Hospitality | Oman | ||
| Government | United States | ||
| Food & Beverage | United States | ||
| Legal | United States | ||
| Utilities | United States | ||
| Education | United States |