Ransomware Group: SAFEPAY

VICTIM NAME: transelectric[.]co[.]il

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On August 19, 2025, transelectric[.]co[.]il appears on a ransomware leak page associated with the Safepay group as a victim. The entry, framed as a public disclosure of the incident, identifies the victim in Israel’s Telecommunication sector and provides a background overview of the company’s business operations rather than technical breach details. The page describes transelectric[.]co[.]il as an Israel-based value-add distributor of electronic components and electro-mechanical solutions, listing the services offered—such as supply-chain models, design support, manufacturing, and distribution—and noting ISO and AS9100 standards. It indicates the company serves telecom, medical, military, and automation markets. The post is dated 2025-08-19 10:12:13.198350, and there is an internal timestamp within the body excerpt of 2025-08-15 18:40 along with a revenue note of $7.2 million. The leak page includes a claim URL, but contains no screenshots or image assets, and there are no downloadable items or external links visible on this entry.

From the available metadata, there is no explicit compromise date beyond the post date, and the excerpt does not reveal a ransom amount or encryption status. The page shows zero images and no downloadable content, indicating no attached media for this entry. The only identifying elements retained are the victim name, transelectric[.]co[.]il, and the page’s association with the Safepay actor. Overall, the page appears to surface background information about the victim rather than publish a data dump or released material in this instance, with no visible PII such as emails or phone numbers presented in the text.