Ransomware Group: SAFEPAY

VICTIM NAME: greenpac[.]com[.]sg

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to Greenpac, a Singapore-based manufacturing company specializing in sustainable packaging solutions. The threat actor claims to have compromised the organization’s systems on May 17, 2025. Greenpac provides eco-friendly packaging designs and services across multiple industries, including healthcare, aerospace, and logistics, emphasizing sustainability through principles of renewal, reuse, and recycling. The leak indicates that the attack involved an infostealer, although no specific details about the data stolen, such as employee information or client data, are publicly disclosed. The threat actor appears to operate under the group name “safepay” and has shared a screenshot of what seems to be internal documentation or evidence of the breach. Critical to note, no sensitive personal or PII details are leaked in the shared content, maintaining privacy standards.

The leak page also offers a link to a claim website hosted on the dark web, where additional data or details about the breach may be accessible. The image included on the page depicts a screenshot, possibly of compromised internal systems or data, although specific content is not described. Greenpac’s website domain remains active, and there are no apparent reports of operational disruption or customer impact. The attack’s timing, sophistication, and exact data compromised remain unspecified, but the publication of such leak indicates potential risks for the organization’s proprietary information and client confidentiality. The incident underscores the growing threat of ransomware groups targeting manufacturing and logistics firms, emphasizing the need for robust cybersecurity defenses.