[SAFEPAY] – Ransomware Victim: rgvengineering[.]co[.]uk
Ransomware Group: SAFEPAY
VICTIM NAME: rgvengineering[.]co[.]uk
NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.
AI Generated Summary of the Ransomware Leak Page
The ransomware leak affected an engineering company based in the United Kingdom. The attack was publicly disclosed on May 21, 2025, indicating a compromise of the company’s data infrastructure. The incident was identified by a threat group known as Safepay, which is associated with targeted cyber extortion activities. The breach involved the exposure of internal data, as evidenced by a publicly available screenshot of internal documents or system interfaces. No personal employee information or third-party data appears to have been compromised according to available reports. The attackers have provided a claim URL linking to a dark web page with further details about the attack, but specific sensitive data remains undisclosed to the public. The incident underscores the ongoing threats faced by manufacturing firms in the digital age, emphasizing the importance of robust cybersecurity measures.
The leak page includes visual evidence of the attack, such as a screenshot indicating the nature of the compromised infrastructure. Although no explicit data dumps or files are visible publicly, the presence of a dedicated dark web claim URL suggests ongoing negotiations or further data leaks. The attack targeted a company with no reported involvement of third-party vendors or employees, which might imply that the attackers aimed directly at the company’s internal systems. The incident is part of a broader trend where threat actors target manufacturing sectors across the UK, potentially impacting production and operational continuity. The threat group involved, Safepay, is known for carrying out financially motivated attacks that threaten to release sensitive corporate information unless extortion demands are met.