Ransomware Group: SAFEPAY

VICTIM NAME: pzsarchitects[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to PZS Architects, a Philadelphia-based architectural firm operating in the business services sector within Finland. The breach was identified and publicly disclosed on June 14, 2025, with the attackers claiming responsibility, suggesting a targeted attack on the company’s digital infrastructure. The leak includes sensitive information related to the company’s operations, which may encompass internal documents, project data, or other confidential materials. A visual screenshot of some internal content is provided, indicating the presence of leaked material. Notably, the attackers have made efforts to showcase the compromised data without revealing personally identifiable information or client details, focusing instead on the company’s internal assets.

The attackers, associated with a group known as ‘safepay’, have published a claim URL linked via an onion site, suggesting the leak is part of a coordinated cyberattack. While there is no indication of the volume or specific nature of the data leaked, the presence of download links or leaked files is implied. The attack appears to target the firm’s internal operations, potentially endangering project confidentiality and sensitive business data. The breach underscores the importance of cybersecurity measures, especially for architecture and design firms that handle proprietary project information. The leak’s public exposure highlights the ongoing risks faced by organizations in the digital era, emphasizing the need for vigilant security protocols to prevent future incidents.