Ransomware Group: SAFEPAY

VICTIM NAME: heinrich-steinhardt[.]de

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to a cyber incident involving the domain heinrich-steinhardt.de, a website located in Germany. The attack was publicly disclosed on April 16, 2025, and the breach appears to be linked to the threat group identified as “safepay.” The leak does not specify the activity or nature of the compromised data, and no sensitive employee or third-party information has been reported. The page includes a screenshot of an internal system or document, which suggests that the attackers may have accessed internal data. Download links or additional leaks have not been explicitly mentioned, but the presence of a claim URL indicates the victim’s acknowledgment of the breach. The incident appears to involve data theft, with potential implications for the victim’s online operations. No personally identifiable information or detailed data is exposed in the leak, maintaining a focus on the breach event itself.

The attack date is recorded as April 16, 2025, and the compromised system is associated with a German entity. The threat actors involved are associated with the “safepay” group, which has been linked to various ransomware campaigns. The website’s screenshot shows what could be internal documents or system interfaces, but no explicit details of compromised data are present. Importantly, all PII, including employee or user information, appears to have been redacted or not involved in this particular incident. The leak page provides a link for further information but does not disclose sensitive details or confidential data publicly. This incident highlights ongoing threats to web domains and emphasizes the importance of cybersecurity defenses.