Ransomware Group: SAFEPAY

VICTIM NAME: getriebetech[.]de

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page concerns the German company “Getriebetech.de,” which specializes in transmission technology services for vehicles. Founded in Germany, the company offers repairs and maintenance for various types of transmissions, including automatic, manual, CVT, and DSG systems. Their team of expert engineers uses advanced diagnostic tools to address complex transmission issues, serving both individual car owners and automotive industry partners. The leak was discovered on April 16, 2025, and the compromise occurred shortly afterward. The page indicates that the attacker group “safepay” is responsible for the breach, which notably did not involve any employee data or third-party information. The leak includes a screenshot of the affected victim’s information page, highlighting the data access breach.

The leak page suggests that the attacker gained access to sensitive internal information, but no specific personal or employee details appear to have been compromised. It appears that the breach may have involved data related to company’s operational details or customer information, but no explicit PII has been publicly disclosed. The threat actors provide a link to a secure, onion-addressed site for further claims or communication, emphasizing their control over the compromised data. The incident underscores the cybersecurity risks faced by manufacturing and automotive service providers, especially those using digital diagnostics and record-keeping systems. The inclusion of a screenshot indicates transparency on the part of the attackers, but the actual sensitive contents have not been fully disclosed publicly.