Ransomware Group: SAFEPAY

VICTIM NAME: parksidegroup[.]co[.]uk

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak page centers on parksidegroup[.]co[.]uk and is attributed to the threat actor group Safepay. The post is timestamped with a post date of 2025-08-26 09:49:26.658468. The content presents the victim as a UK-based manufacturer and distributor of architectural-grade aluminium systems, outlining product categories such as windows, doors, façades, curved curtain-wall systems, and framing solutions. It notes the organization serves sectors including commercial construction, education, healthcare, and residential building, and emphasizes engineering expertise, adherence to British manufacturing standards, durability, and aesthetic design. A revenue figure of about $7.7 million is cited in the excerpt. The material reads like a corporate profile rather than a detailed dump of stolen data, and there is no explicit mention within the excerpt of encryption, data exfiltration, or a ransom demand.

From the accompanying metadata, the leak page shows no images, screenshots, or downloadable files—the image count and downloads indicators are false, and the annotations reveal no embedded media. A claim URL is indicated as present, though no actual link is shown in this summary (the URL is defanged in the source data). There is no stated compromise date; the key_date field is treated as the post date. The page remains text-centric, offering a background profile of the victim rather than detailed evidence of what may have been compromised. The absence of explicit ransom figures or data types means the page does not confirm whether the attack involved encryption or a data leak within the published excerpt.

Overall, parksidegroup[.]co[.]uk is portrayed as a UK-based manufacturing entity focused on aluminium systems for windows, doors, façades, and related framing solutions, with stated reach across commercial, educational, healthcare, and residential sectors. The leak page appears to be a standard extortion-style post that aims to publicly associate the victim with a breach and provides a defanged claim path for more information, yet the published excerpt does not disclose a ransom amount or concrete data samples.