427/68 Tuesday, October 28, 2025
The Safepay ransomware group has claimed responsibility for a cyberattack that breached the systems of Xortec GmbH, a German provider of CCTV and security solutions. The group listed the company on its Data Leak Site, setting October 27, 2025, as the ransom payment deadline. Xortec, headquartered in Frankfurt with multiple offices across Germany, operates as a Value-Added Distributor and System Integrator specializing in video surveillance (CCTV), IP networking, access control, and security infrastructure for B2B customers such as integrators, specialized system installers, and resellers. The company has a strong presence in the DACH region (Germany, Austria, Switzerland) and international markets. It was acquired by Beyond Capital Partners in 2021 and reports annual revenues exceeding €7.5 million.
Experts warn that the attack could have widespread consequences due to Xortec’s key role in the security supply chain. If attackers inserted backdoors into hardware or software passed on to installers, sensitive data could be exposed, including customer information, surveillance system layouts, and delivery details. Firmware tampering could undermine trust in thousands of deployed security systems, while delays in logistics may affect end users and critical infrastructure sectors such as transportation and utilities.
The Safepay group, a relatively new ransomware operation that has rapidly expanded since 2024, employs a double extortion model, both stealing and encrypting data to pressure victims into paying. The group is known for executing attacks within 24 hours of gaining access and deliberately avoids targeting systems in Russia, leading researchers to suspect its origins lie in Eastern Europe.
