Ransomware Group: SAFEPAY

VICTIM NAME: hennertanklines[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to the transportation and logistics company identified as hennertanklines.com, based in the United States. The attack was publicly disclosed on May 29, 2025, and the compromise date is noted as the same day. The leak appears to involve an attempted data exfiltration or theft, with details pointing to an infostealer component designed to gather information on employees, third-party partners, and users, although no specific PII was reported as compromised in the available information. The page includes a screenshot, which shows visual evidence related to the victim’s internal environment. Additionally, there are download links and data leaks associated with this incident, though exact files or data are not detailed in the report. Overall, this attack targets a company within the logistics sector, potentially impacting operational integrity and customer data safety.

The leak page is hosted on a dark web platform, accessible via an onion URL, which offers further verification of the breach. The threat actor responsible is affiliated with the group ‘safepay,’ indicating a possible ransom or extortion motive. The screenshot provided on the leak page shows internal documents or infrastructure details, primarily serving as evidence of the breach. No press releases, or additional public communication, were associated with this incident. The attack timeframe suggests a recent compromise, and the leak emphasizes the potential risks faced by the victim in terms of data security and operational disruption within the transportation and logistics industry in the US. The incident illustrates the ongoing threat posed by ransomware groups targeting critical supply chain entities.