Safepay Strikes HLB Ireland with Ransomware Attack

Summary

On July 16, 2025, the ransomware group Safepay publicly claimed responsibility for an attack targeting HLB Ireland (hlb.ie), a leading firm in Ireland. According to the threat actor’s post, they intend to release sensitive data unless negotiations are initiated.

Incident Report

HLB Ireland is a reputed firm in the financial sector, providing a wide range of professional services. The ransomware group Safepay is known for its aggressive tactics in extorting money from its victims by threatening to release sensitive information on the darkweb.

Proactively responding to such threats is crucial. Darkweb monitoring can be an effective measure to detect and prevent potential data breaches. Organizations are advised to regularly use tools like the Email Breach Checker to keep an eye on their company’s data and ensure timely action.

Recommendations

• Monitor your domains and email addresses for exposure using reputable threat intelligence tools.
• Conduct a full compromise assessment and incident response drill internally.
• Verify backups and ensure they are offline and ransomware-resistant.
• Educate staff on phishing, social engineering, and lateral movement techniques used by groups like Qilin.
• Engage with cyber forensics and legal counsel before initiating contact with threat actors.

Check Your Exposure

Wondering if your organization or employees are impacted by recent breach activity?

• Check domain-wide breach exposure:
  mspdarkintel.com/domain-breach-scan
• Check if an email was breached:
  mspdarkintel.com/email-breach-scan

Disclaimer

The MSPDarkIntel team does not engage in the exfiltration, downloading, taking, hosting, viewing, reposting, or disclosure of any stolen information.
All breach data reported here is sourced from publicly available threat intelligence feeds for awareness and early-warning purposes only.
Our goal is to inform organizations of emerging threats so they can take timely defensive action.