Ransomware Group: SAFEPAY

VICTIM NAME: landwwilson[.]co[.]uk

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page concerns the website of the entity identified as landwwilson.co.uk, which was compromised on July 22, 2025. The attack was orchestrated by a group known as safepay. The incident appears to involve an infostealer activity, although specific details about compromised data or sensitive information are not provided. The leak does not specify the activity sector of the victim or any additional organizational details, reflecting a possibly limited disclosure of internal information. The page includes a screenshot that may depict the compromised website or relevant internal content, providing visual evidence of the breach.

The leak page offers a link to a secured dark web address for further details or negotiation, maintaining confidentiality and integrity of the sensitive information. The attack date indicates it occurred several months before the discovery timestamp, with the event logged on July 22, 2025. No personal or employee data appears to have been targeted or leaked, and there are no indicators of third-party data involvement. The page appears to be part of a public or semi-public ransomware reporting platform that documents recent cyber incidents, serving as a warning to other organizations and a call for awareness of emerging cyber threats.