Ransomware Group: SAFEPAY

VICTIM NAME: packagesteel[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak page pertains to the website of Package Steel Systems Inc., a company specializing in the design and fabrication of steel buildings based in Sutton, Massachusetts, United States. According to the available information, the attack was discovered on June 14, 2025, and the data breach occurred approximately at the same time, indicating a recent compromise. The company offers products such as custom-engineered buildings, barns, garages, and warehouses, along with construction management and erection services. The leak appears to involve sensitive data, with the attackers claiming to have accessed internal information related to the company’s operations and clients. The page includes a screenshot of the company’s internal interface, suggesting an intrusion into their systems. Download links and data leaks may be present on the site, but specific details are not provided in the summary. The threat group behind the attack is identified as “safepay,” with no indication of victim employees or third-party data involvement. The leak’s primary purpose seems to be exposing internal information to pressure or for financial gain. Protecting the company’s operations and data integrity remains crucial amid ongoing cybersecurity threats. The leak was hosted on a dark web site with an onion link for further access or verification.