Ransomware Group: SAFEPAY

VICTIM NAME: redsquaredentalcare[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to a dental care provider based in the United Kingdom, identified by the domain “redsquaredentalcare.com.” The attack occurred on May 17, 2025, and the breach involves the theft of potentially sensitive information related to the organization. The incident was publicly disclosed on the same day it was discovered. The leak appears associated with the “safepay” group, indicating its involvement in cybercriminal activities targeting healthcare entities. The page includes a screenshot of an internal image or document, suggesting the attackers may have accessed confidential records. No specific details about compromised data or PII are visible, and the breach seems focused on theft rather than data dumping of individual records.

The leak page hints at a cyberattack aimed at disrupting the healthcare provider’s operations or extorting ransom payments. It does not specify the exact nature of the compromised information but indicates that the breach could involve confidential patient or employee data. The presence of a claim URL on the dark web implies that the victim’s data might be leak-prone or already exposed. Significant emphasis is on the visual evidence, such as a screenshot demonstrating some form of internal content. There are no reports of external press coverage or further details shared by third parties, underscoring the sensitive and potentially damaging nature of this incident within the healthcare sector.