Ransomware Group: SAFEPAY

VICTIM NAME: mylikowines[.]co[.]uk

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to an online wine retailer based in the United Kingdom named “Mylikowines.co.uk.” The site offers a diverse selection of wines, including whites, reds, rosés, and sparkling varieties, and is known for its focus on quality and nationwide UK shipping. The attack date is recorded as May 17, 2025, indicating when the cyber incident occurred. The attackers have publicly disclosed the breach through a leak page hosted on an onion website, which includes a screenshot of the compromised data. No sensitive personal data or PII is indicated to have been exposed in the available information. The breach appears to be associated with a group named “safepay,” and the attack may involve data theft or extortion related to the business operations. The leak page mentions the existence of the claim URL for further verification or ransom negotiations. No detailed information about specific stolen data or internal breaches is provided beyond the general mention of compromised information. The image included shows a screenshot related to the incident, but no explicit content is discussed. Overall, the breach involves a significant commercial entity operating in the consumer services sector within the UK, emphasizing the importance of cybersecurity vigilance for online retailers. The leak highlights the potential risks posed to e-commerce platforms by cybercriminals targeting customer data, business information, or operational details. The cyberattack’s specifics remain limited, but the public disclosure underscores the importance of proactive security measures to prevent similar incidents. The leak page’s publicly accessible status and the presence of a dedicated claim URL suggest ongoing negotiations or data exposure management by the attackers. The incident serves as a reminder for online businesses to strengthen their cybersecurity defenses against evolving threats.