Ransomware Group: SAFEPAY

VICTIM NAME: iicil[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to a healthcare organization operating under the domain ‘iicil.com’ located in the United States. The incident was discovered on May 30, 2025, and the attack date is recorded as May 30, 2025, at 20:16:41. The group responsible appears to be identified as ‘safepay.’ The page includes a screenshot providing a visual summary of the incident, which shows internal information related to the breach. The leak suggests the compromise of data associated with the organization, although specific details about the leaked information or the extent of the breach are not disclosed. The victim’s activity in the healthcare sector indicates potential risks for sensitive health-related data exposure. There are no indications of additional compromised third parties or employee information. The leak’s purpose seems to be to publicly expose the security breach through a dedicated dark web portal.

The leak page contains a link to further details, but no explicit PII or sensitive data is displayed within the publicly available content. A prominent feature is a screenshot depicting internal documents or system interfaces, designed to demonstrate the breach’s scope. This visual evidence aims to authenticate the incident, potentially including technical details or victim information that does not, however, include personal identifiers in the publicly shared summary. The incident impacts a healthcare organization, emphasizing the importance of security measures in the medical data management sector. No additional citations or press statements are available, but the presence of the leak indicates a significant cybersecurity event involving data exposure.