Ransomware Group: SAFEPAY

VICTIM NAME: freudenberg-cranes[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to the website of Freudenberg Cranes, a company based in Germany. The breach was publicly disclosed on May 16, 2025, approximately one minute after the discovery timestamp. The leak occurred on the same day, indicating recent compromise activity. The page features a screenshot image that appears to display internal documents or data related to the victim. No specific details about the nature of the leaked data are provided, but the presence of a screenshot suggests some level of internal information exposure. The attackers are associated with the ‘safepay’ group, and the incident is linked to a wider ransomware campaign targeting various victims.

Despite the limited information, the page indicates that data associated with the victim might have been compromised or leaked. It is important to note that no personally identifiable information or sensitive employee data appears to have been exposed based on available details. The leak notification includes a claim URL, which could be used for further verification or information retrieval, but no specific files or data links are provided publicly. The leak’s impact on the company’s operations remains unspecified, but organizations of this nature should review their security protocols and monitor for further activity. The incident underscores the persistent threat posed by ransomware groups targeting enterprise companies globally.