Ransomware Group: SAFEPAY

VICTIM NAME: ibague[.]losolivos[.]co

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to a well-known funeral services provider based in Ibague, Colombia, operating under the domain ibague.losolivos.co. The attack was discovered on May 29, 2025, and reportedly occurred earlier that day, although the exact compromise date is not explicitly specified. The victim primarily offers a range of services such as funeral planning, cremation, cemetery management, wake facilities, transportation, and posthumous tributes, along with psychological support for grieving families. These sensitive services highlight the importance of data confidentiality and the potential impact of the breach on community trust.

The leak page includes a prominent screenshot, which appears to show internal data, possibly related to the affected organization’s operations. No evidence suggests that personally identifiable information or employee data was compromised, as indicated by the absence of user or employee counts. A claim URL link is provided for more details, but specific leaked data or files are not publicly disclosed in the available information. The attack is associated with a threat group named “safepay,” though further details about the threat actor or the extent of data exfiltration are not provided. The incident underscores the risks faced by critical service providers, especially those handling sensitive personal and community-related information.