Ransomware Group: SAFEPAY

VICTIM NAME: overheadtyler[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to the victim domain “overheadtyler.com,” which was compromised on May 17, 2025. The attack has been attributed to the threat group “safepay.” The incident was discovered shortly after the attack date, indicating prompt detection of the breach. The page features a screenshot showing internal documents or technical details, suggesting the attackers could have accessed sensitive information or provided proof of data exfiltration. No details about the activity or industry of the victim are available, indicating limited contextual information. The presence of a claim URL hosted on an onion site implies that the hackers may be offering data leaks or proof of the breach for verification. The event appears to be part of a broader campaign targeting various entities, emphasizing the importance of timely cybersecurity measures to prevent such intrusions.

While specific data leaks or file downloads are not detailed publicly, the page indicates that certain information or data may be available through the provided claim URL. The screenshot included on the leak page depicts what looks like internal documents or system screenshots, which could be of interest to cybersecurity professionals evaluating the scope of the breach. The attacker’s group, “safepay,” suggests potential motives related to financial or ransomware activities. No indication of affected employee counts or third-party involvement is available, and the incident’s precise impact remains unspecified. Overall, the page underscores the ongoing threat landscape and highlights the significance of proactive security controls to mitigate future risks.