Ransomware Group: SAFEPAY

VICTIM NAME: norpak[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The dark web leak page relates to a cybersecurity incident involving the website of a company specializing in industrial packaging solutions. The attack was announced on July 18, 2025, and the breach appears to be part of a campaign associated with the threat group “safepay.” The victim is based in Canada and operates within the technology sector, serving both small and large businesses for over 35 years. The compromised data is suspected to include sensitive information, although specific details about the leak have not been disclosed publicly. The site features a screenshot showing internal content, possibly indicating system access or data exfiltration. No information indicates that personal or employee data has been targeted. The breach underscores the ongoing risk faced by manufacturing and industrial firms from cybercriminal groups.

The leak page suggests that the attackers potentially have access to proprietary company information or operational data, which could threaten the company’s business operations. The site includes download links or leaked data repositories, though explicit details or URLs are not provided here. The threat actor, linked to the group “safepay,” appears to be targeting organizations in the industrial sector for financial gain or leverage. The website’s screenshot depicts what seem to be internal documents or interfaces, which might have been accessed during the attack. Companies in this domain should review their cybersecurity measures to prevent similar incidents and assess any potential exposure resulting from this breach.