Ransomware Group: SAFEPAY

VICTIM NAME: optivosa[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak page centers on the victim domain optivosa[.]com and is attributed to the threat group Safepay. The page presents optivosa[.]com as a wholesale distributor that serves stationery stores, offices, and schools, with an inventory that includes paper products, office supplies, educational materials, and computer accessories. It also notes that the company offers IT solutions and retail support services to help local retailers thrive. The post date listed in the metadata is 2025-08-26 09:47:03.307599; since a compromise date is not provided in the data, this post date is treated as the publication date. A revenue figure of $5.2 million is mentioned in the snippet. The metadata indicates a claim URL is present on the leak page, though no specific URL is shown here. There are no screenshots or images on the page (images_count = 0), and no downloadable files or linked documents are indicated.

Regarding the impact, the provided excerpt does not explicitly state that optivosa[.]com was encrypted or that data was exfiltrated, nor does it present a ransom amount. The content appears to focus on a general business overview rather than technical breach details. The post includes a claim URL indicator, suggesting an extortion or data-leak narrative, but no concrete data samples or files are visible in the excerpt. There are zero images or screenshots on the page, and no downloads or attached documents are shown in the data. The post date (2025-08-26 09:47:03.307599) remains the published date since no compromise date is listed, and the post is associated with Safepay.