Ransomware Group: SAFEPAY

VICTIM NAME: fmsarchitects[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page associated with the victim domain indicates that the company is an architectural firm based in the United States, established in 1983. The organization specializes in modernist design principles and works across educational, commercial, and residential sectors. The firm emphasizes sustainability and aims to create environmentally responsible buildings that optimize spatial potential. The leak was discovered on July 7, 2025, and contains a screenshot of the targeted victim’s website. The page suggests that sensitive information related to the company’s operations may have been compromised, although no specific data leaks are detailed publicly. Download links or data exfiltration details are not explicitly available in the provided information.

The leak’s content features a screenshot depicting internal aspects of the victim’s online presence, potentially indicating a breach of their cybersecurity defenses. The threat actors appear to be associated with a group identified as “safepay.” No personal or employee data has been publicly disclosed, which may suggest that the compromised data primarily involves corporate information rather than personally identifiable information. The claim URL on the dark web provides an access point to view further details, but no explicit mention of the scope of data leaked or any particular files has been provided. Overall, this incident highlights the need for enhanced cybersecurity measures, especially for organizations that manage sensitive client data or proprietary designs.