Ransomware Group: SAFEPAY

VICTIM NAME: caredig[.]co[.]uk

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak pertains to the healthcare organization operating under the domain caredig.co.uk, located in the United Kingdom. The attack was discovered and publicly disclosed on July 7, 2025, with the incident date also recorded as July 7, 2025. The stolen data likely involves sensitive information related to healthcare activities, although specific details are not provided. The leak page features a screenshot illustrating the scope or impact of the attack, which possibly includes internal documents or system screenshots, emphasizing the seriousness of the breach. Download links or evidence of leaked data are implied but not explicitly detailed in this summary.

The compromised organization appears to have no publicly known number of employees or third-party associations, suggesting either a smaller healthcare provider or incomplete public data. The group responsible for the attack is identified as part of the “safepay” collection, implying possible ransomware or extortion activities targeting financial or healthcare entities. The publicly accessible claim URL points to a dark web link, indicating the leak is organized within cybercriminal communication channels. The case is documented with an image, which could include sensitive details or proof of breach, but specific contents are not described here. Overall, this incident underscores the ongoing threat to healthcare providers from ransomware actors.