Ransomware Group: SAFEPAY

VICTIM NAME: helixtools[.]co[.]uk

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak concerns Helix Tools, a manufacturing company based in the United Kingdom that specializes in high-quality tooling solutions for the engineering industry. The compromised website is helixtools.co.uk. The incident was detected on April 16, 2025, at approximately 23:27 local time, indicating a recent cyberattack involving ransomware. The leak page includes minimal visual content but appears to be accessible via a dark web link associated with the group “safepay”. The company provides a broad range of tools such as drill bits, end mills, threading tools, and milling tools, and is recognized for their customer service and competitive pricing.

The leak may include data related to the company’s operations, although specific details of the compromised content or data leaks have not been explicitly provided. There is no indication of stolen files or sensitive information being made publicly available. The threat actor involved appears to focus on extorting or threatening the victim, as is common with ransomware groups. The page lacks explicit visual evidence of the breach, such as screenshots or documents, but the reference to the dark web site implies that data exfiltration or potential leaks could be part of the overall attack. No personal or PII information is reported or appears to be exposed in the available data.

This incident highlights the ongoing risk faced by manufacturing firms, emphasizing the importance of robust cybersecurity measures. The attack was carried out by the “safepay” group, which is known for targeting corporate systems and demanding ransom payments. While no specific data has been confirmed as leaked publicly, organizations in this sector should remain vigilant against similar threats. The attack underscores the need for comprehensive security protocols, including regular backups, threat detection, and employee training, to mitigate potential damages from ransomware campaigns.