Ransomware Group: SAFEPAY

VICTIM NAME: qtmi[.]net

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak page pertains to a victim identified as qtmi.net, a domain involved in the technology sector. The attack was publicly disclosed on July 22, 2025, and the compromise is associated with a threat group known as safepay. The incident involved an infostealer attack, although specific details about the data stolen are not provided. The page includes a screenshot that displays internal visuals related to the victim, potentially indicating the nature of the breach or the affected infrastructure.

This specific leak does not mention any personally identifiable information or sensitive company data publicly, and no additional harm-indicative content is disclosed. The threat actor has claimed the attack through a dedicated dark web link, which is accessible via the provided claim URL. The attack appears to involve technology services, and the incident’s disclosure emphasizes the impact on the victim’s network security posture. No indication of the specific compromised data or extent of the breach beyond the threat group’s claim and the provided visual evidence is available.

The page features a prominent screenshot, likely of internal documents or system dashboards, which serves as visual proof of the breach. The information shared suggests a focus on publicizing the attack rather than detailing technical specifics. There are no indications of the number of affected users or third-party entities involved. The campaign’s overall intent appears to be to reveal the breach publicly, possibly to exert pressure or demonstrate the group’s capability.