Ransomware Group: SAFEPAY

VICTIM NAME: awo-giessen[.]org

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to the victim website identified as awo-giessen.org, which is located in Germany. The attack date is recorded as June 14, 2025, indicating the day the breach was discovered and potentially exploited. The website is associated with the group named ‘safepay.’ Notably, there is no available information regarding the business activity or industry of the victim, and no sensitive employee or third-party information appears to have been compromised, based on available data. The page includes a screenshot that displays some visual content, possibly of internal data or notices, providing a glimpse into the compromised data environment. The leak indicates the publication of stolen or sensitive information, with potential access to data or documents stored on the affected website. The threat actor may have used this information for extortion or further malicious activity, although specific details about the leaked contents are not provided.

The leak page features a claim URL that is hosted via an onion service, allowing access through the Tor network, which emphasizes the clandestine nature of the attack. At this stage, there is no evidence of particular data types or documents leaked, nor detailed technical information about the breach. The side mentions an AI-generated description with minimal insights, highlighting the limited available context. The incident underscores the importance of timely incident response and reinforces the need for organizations to bolster their cybersecurity measures against sophisticated cyber-attacks associated with ransomware groups such as ‘safepay.’