Ransomware Group: SAFEPAY

VICTIM NAME: dawg-dok[.]de

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to the domain identified as “dawg-dok.de,” which appears to be associated with the group labeled “safepay.” The attack was confirmed to have occurred on May 21, 2025. The incident was publicly disclosed shortly after the compromise, with the victim’s website being targeted, as indicated by the leak page. The page includes a screenshot displaying internal content, possibly screenshots of documents or data extracted during the breach. No specific details about the victim’s activity or industry have been provided, and the victim’s country of operation is listed as Germany. The leak suggests a data breach involving potential data exfiltration, but no explicit mention of PII or sensitive information has been reported. The incident signifies the ongoing threat posed by ransomware groups targeting various organizations worldwide. Consequently, affected entities should remain vigilant in monitoring their cyber defenses and review their data protection strategies to mitigate future risks.

The leak page contains a claim URL linking to an onion site, which presumably hosts leaked data or further information about the attack. It also features a screenshot, which may include visual evidence or internal information related to the breach. No download links or specifics about the data leaked are provided in the available details. The attack date remains within the year 2025, with the incident classified under the “safepay” group, suggesting potential links to financially motivated cybercrime activities. Overall, this case highlights the importance of comprehensive cybersecurity measures to prevent such intrusions and underscores the need for organizations to detect and respond swiftly to ransomware threats.