Ransomware Group: SAFEPAY

VICTIM NAME: jansen-aschendorf[.]de

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page concerns the domain jansen-aschendorf.de, which was actively compromised on July 1, 2025. The attack was attributed to a threat group identified as Safepay. The breach involved the theft of potentially sensitive data; however, specific details about the nature or content of the leaked information are not publicly available. The attack appears to be part of a larger campaign targeting various entities, but no industry or activity information is provided for this victim. The incident was discovered shortly after the compromise date, and security researchers have made available a screenshot of the leak site, which displays an interface related to the attack.

While the dataset indicates that there are no known indicators of sensitive personal or company data publicly leaked, the presence of a dedicated leak page suggests that the attackers may have potentially accessed or intended to leak confidential information. The campaign is associated with the group Safepay, which is known for ransomware activities targeting different regions and sectors. No download links or exfiltrated data files are directly available through the leak page, but given the patterns observed in similar incidents, victim organizations should review for possible data exposure. The page includes a visual screenshot, capturing part of the ransom note or leak site interface, but it contains no explicit or graphic content for public dissemination. The attack’s impact remains uncertain in terms of data sensitivity, but the incident underscores the importance of robust security measures for organizations under threat from ransomware groups.