Ransomware Group: SAFEPAY

VICTIM NAME: briar-group[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to The Briar Group, a hospitality company based in Boston, Massachusetts, operating numerous dining establishments including pubs, bars, and restaurants. The attack was publicly disclosed on July 26, 2025, with the breach identified as part of a campaign by the threat group known as Safepay. The company specializes in providing diverse dining experiences and has a significant presence within the local hospitality industry in the United States. The leak was confirmed shortly after the discovery, which occurred approximately one minute later, indicating prompt reporting of the incident.

The website included a screenshot showcasing internal information related to the incident and did not reveal any compromised personal or employee data. No personal identifiers or PII were disclosed in the leak, emphasizing that the breach appeared to target company data rather than individual information. The threat actors associated with this attack are identified as a part of the Safepay group, which is known for its infostealer operations. This suggests that the ransomware incident may have involved data exfiltration, potentially threatening the company’s operational security and data integrity. The leak page provides a claim URL linking to a dark web access point, but no specific malicious code or detailed files were publicly displayed.

The breach case underscores the importance of cybersecurity measures for establishments in the hospitality sector, especially those handling substantial customer and operational data. The leak’s medium includes a visual screenshot, but no explicit sensitive or harmful content was described or visible. The threat actor group has targeted the organization discreetly, warning of potential further compromises if additional data or vulnerabilities are exploited. Overall, the incident reflects the ongoing risks faced by hospitality companies in cybersecurity, especially from sophisticated threat groups operating within the realm of ransomware extortion.