The Safepay ransomware group successfully breached Xortec GmbH, a German B2B distributor and systems integrator specializing in video surveillance, IP networking, and security solutions. The attack involved data theft and encryption, with Xortec listed on Safepay’s leak site under a ransomware deadline of October 27, 2025.

The breach poses systemic risks due to Xortec’s role in the security supply chain. Attackers could have compromised firmware, backdoored hardware/software, or accessed sensitive client data, including surveillance layouts, shipment records, and installer credentials. Disruption to Xortec’s operations may cascade to resellers, critical infrastructure (transport, utilities), and end-users, eroding trust in deployed security systems.

As a double-extortion ransomware attack, the incident threatens financial loss, reputational damage, and operational outages for Xortec and its global B2B clients (DACH region and beyond). The breach’s scope suggests potential long-term supply chain vulnerabilities, particularly in sectors relying on Xortec’s enterprise-grade surveillance solutions (retail, logistics, public infrastructure).
TPRM report: https://www.rankiteo.com/company/xortec-gmbh
"id": "xor2592325102625",
"linkid": "xortec-gmbh",
"type": "Ransomware",
"date": "5/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'customers_affected': ['system integrators',
'specialist installers',
'system houses',
'resellers',
'enterprise clients (retail, '
'logistics, public/private '
'infrastructure, critical '
'facilities)'],
'industry': ['video surveillance',
'IP networking',
'security solutions'],
'location': {'headquarters': 'Frankfurt, Germany',
'regions_operating': ['DACH (Germany, '
'Austria, '
'Switzerland)',
'global markets']},
'name': 'Xortec GmbH',
'size': {'employees': 'several dozen',
'revenue': '€7.5 million+ (annual)'},
'type': ['value-added distributor',
'systems integrator']}],
'data_breach': {'data_encryption': True,
'data_exfiltration': True,
'sensitivity_of_data': ['high (security infrastructure data)',
'potentially confidential client '
'layouts'],
'type_of_data_compromised': ['client data',
'surveillance layouts',
'shipment records',
'potentially firmware/software '
'backdoors']},
'date_publicly_disclosed': '2025-10-26',
'description': 'The Safepay ransomware group claimed responsibility for '
'hacking German video surveillance provider Xortec and listed '
'the company on its data leak site. The ransomware payment '
'deadline is October 27, 2025. The breach poses systemic risks '
"due to Xortec's role in the security supply chain, "
'potentially exposing client data, surveillance layouts, '
'shipment records, and compromising firmware trust in deployed '
'systems. Disruption could impact resellers, end users, and '
'critical sectors like transport or utilities.',
'impact': {'brand_reputation_impact': ['high (due to systemic risks in '
'security sector)'],
'data_compromised': ['client data',
'surveillance layouts',
'shipment records',
'firmware (potential backdoors)'],
'operational_impact': ['potential disruption of logistics',
'loss of trust in deployed security systems',
'supply chain risks for resellers and end '
'users'],
'systems_affected': ['video surveillance systems',
'IP networking solutions',
'access control systems',
'security infrastructure for retail, '
'logistics, public/private infrastructure, '
'and critical facilities']},
'initial_access_broker': {'backdoors_established': ['potential '
'firmware/software '
'backdoors'],
'high_value_targets': ['security supply chain',
'client surveillance data']},
'investigation_status': 'ongoing (as of disclosure date)',
'motivation': ['financial gain', 'double extortion (data theft + encryption)'],
'ransomware': {'data_encryption': True,
'data_exfiltration': True,
'ransomware_strain': 'Safepay'},
'references': [{'date_accessed': '2025-10-26', 'source': 'SecurityAffairs'}],
'threat_actor': 'Safepay ransomware group',
'title': 'Safepay ransomware group claims the hack of professional video '
'surveillance provider Xortec',
'type': ['ransomware', 'data breach', 'supply chain attack']}