Ransomware Group: SAFEPAY

VICTIM NAME: donowentire[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak involved the victim website of a local tire and automotive service provider based in Bloomington, Illinois. The company’s services include tire sales, alignment, rotation, flat tire repair, as well as comprehensive auto maintenance such as brake repairs, oil changes, and battery replacements. The attack was discovered on May 30, 2025, and the breach date is also listed as May 30, 2025. The group responsible appears to be associated with SafePay, a known threat actor involved in various cyber extortion campaigns.

The leak page contains a screenshot of the compromised website or related data, indicating that the groups may have accessed sensitive internal information. Although no explicit personal or PII data is detailed here, the invasion suggests potential exposure of internal operational data. The leak URL is publicly accessible through onion sites or dark web platforms for interested parties, and it may include downloadable data or internal documents related to the victim’s operations.

Given the nature of the breach, affected parties should review the potential data exposure carefully. The site’s description emphasizes a local business providing essential automotive services, and no indication of further malicious activity such as data theft of customer records is present in this summary. The breach underscores the importance of cybersecurity measures for small to medium-sized enterprises in the consumer services sector, especially those with limited digital defenses. The incident highlights the ongoing risks faced by critical local businesses from cybercriminal groups involved in ransomware activities.