Ransomware Group: SAFEPAY

VICTIM NAME: godbyhearth[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak page centers on the domain godbyhearth[.]com and is attributed to the threat actor group safepay. The victim operates in the Consumer Services sector within the United States, with activities in Indianapolis and Carmel, Indiana. The page presents a breach entry typical of ransomware leak sites, showing a post date of August 15, 2025. The accompanying metadata for this record lists a key_date of 2025-08-19 10:11:01.816778, which likely reflects when the listing was captured or updated rather than the initial compromise date. A claim URL is indicated as present on the page, suggesting a path for ransom negotiations or data release, but there are no visible screenshots or downloadable files linked in the provided data. The field describing the attack’s impact is not populated, so the exact nature of the incident (e.g., encryption vs. data leak) is not specified in the supplied information.

From the post’s body excerpt, Godby Hearth & Home is described as a premium provider of home comfort solutions with origins dating to 1987. The leak page notes a broad product assortment including wood, gas, and electric fireplaces; fireplace accessories; stoves; custom shower doors; decorative glass; outdoor kitchens; grills; and patio furniture. It highlights an interactive showroom and installation services, emphasizing customized customer experiences, ongoing product training, and value-added service, framing the company as a trusted brand in residential hearth and home design. The excerpt also references revenue of about $2.6 million, which provides a sense of the business scale. The leak listing situates the victim in Indiana within the broader American consumer services landscape, though no further operational or security specifics are provided in the excerpt.

Regarding media and attachments, the leak page shows no images or screenshots and contains no downloadable content. A claim URL is present, consistent with ransomware leak patterns that offer ransom negotiations or data releases, though the dataset does not include a stated ransom amount. No explicit indication of encryption or data exfiltration is given in the provided fields (impact is blank), so the exact nature of the attack remains unspecified within this data. The victim name is preserved as godbyhearth[.]com, while no other company names from the leak text are echoed in this summary.