lockbit2 attacks Safarni

Incident Date:

May 9, 2022

World map



lockbit2 attacks Safarni






, South Africa

Capetown, South Africa

First Reported

May 9, 2022

Safarni, a Flight Booking Engine, Targeted by Lockbit2 Ransomware Group

Company Size and Industry Standing

Safarni operates within the Education sector, a prime target for ransomware attacks due to the sensitive data involved. Although specific details regarding the company's size and industry standing are not disclosed on its website, Safarni is recognized for its global flight booking engine that aggregates flights from various sources to offer the best prices to its customers.

Vulnerabilities and Targeting

The ransomware attack on Safarni underscores the vulnerabilities present in companies within the Education sector. Ransomware groups frequently target entities holding sensitive data, leveraging the potential for high ransom demands in return for not disseminating the data or disrupting operations. The breach at Safarni likely involved exploiting system vulnerabilities or employing social engineering tactics to infiltrate their network.

Previous Attacks and Mitigation

Prior incidents involving Safari, the browser utilized by Safarni, have seen scareware campaigns that falsely accuse users of accessing illegal content to extort money. These instances, while not true ransomware attacks, employ intimidation tactics to provoke payment from users before they can assess the actual threat. To counter such threats, it is imperative for companies to update their systems regularly and educate their workforce on the dangers of engaging with suspicious links or downloading unverified software.

The Lockbit2 attack on Safarni accentuates the critical need for cybersecurity measures within the Education sector, especially for entities managing sensitive data. Staying abreast of emerging threats and adopting comprehensive security protocols can significantly enhance an organization's defense against ransomware and other cyber threats.


  • Hijacked default search engine in Safari - Malwarebytes Forums
  • Ransomware scammers exploited Safari bug to extort porn-viewing iOS users - ZDNet
  • Updating Apple iOS will protect you from this fake ransomware attack - Macworld
  • MacOS - Malware in Safari Cache! : r/antivirus - Reddit
  • Ransomware Attacks: Get Ahead of Them Today | Safari Solutions - Safari Solutions

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.