Ransomware Group: SAFEPAY

VICTIM NAME: planet-itservices[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak concerns a technology sector entity identified as “planet-itservices.com” located in India. The attack was publicly disclosed on May 21, 2025, and involved the deployment of an infostealer malware known as Raccoon, which was used to extract data from the victim. The leak page indicates that two user accounts were compromised, and the data stolen may include sensitive information associated with the organization’s operations. The website’s public claim URL suggests that the perpetrators have established a communication channel for further negotiations or information sharing. A screenshot of the compromised system or related internal content is available, illustrating the extent of the breach.

The attack appears to be part of a broader operation possibly associated with the “safepay” group, based on the leak’s categorization. There is no detailed description of the specific data stolen, but the presence of download links and the leak page indicates that the attackers have released some of the compromised data publicly. The leak’s visuals and content suggest that internal systems or documents might be included in the leak, although explicit details are not provided in the summary. No personal or employee-specific PII is explicitly referenced beyond the aggregated data about the malware activity, ensuring no sensitive individual information is disclosed.