Ransomware Group: SAFEPAY

VICTIM NAME: dosjm[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to the victim domain dosjm.com, which is located in Hong Kong. The data breach and attack are believed to have occurred on May 6, 2025, with the discovery of the leak happening shortly after the attack date. The group responsible for this incident is identified as “safepay.” The site provides a link to a claim URL on the dark web, where additional details on the extorted data may be available. The breach appears to involve minimal or no employee or third-party data exposure, suggesting limited information leakage concerning personnel. A screenshot of the leaked data or related content is publicly available, displaying what appears to be internal information or documents. Despite the seriousness of the incident, no specific technical details or victim activity descriptions are provided beyond the date and victim identifier, keeping the scope of the leak relatively anonymized and limited.

The leak page emphasizes a neutral presentation, with no mention of sensitive personal or PII data being exposed. It features a visual screenshot that hints at internal data disclosures, but without explicit content description. The breach incident is associated with a hacking group focused on extortion and data theft, as inferred from the context of the leak page. Additional details such as threat actor activity, industry involvement, or other technical specifics are not available. The scenario highlights the importance of timely cybersecurity measures and monitoring of dark web leak sites for potential risks posed by such incidents.