Ransomware Group: SAFEPAY

VICTIM NAME: schoene-aussicht-kassel[.]de

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to the website of an entity based in Germany, identified by the domain “schoene-aussicht-kassel.de”. The attack was publicly disclosed on May 21, 2025, and the incident appears to have been conducted by the threat group “safepay.” The page contains a screenshot of the affected website and provides a claim URL linked to the leak, hosted on an anonymous Tor site, which is common for ransomware leak operations.

Despite the details provided, specific information about the nature of the data compromised, such as the type or volume of leaked files, is not included in the available data. The incident’s focus indicates a potential data breach impacting the website in question; however, no indication of the presence of personally identifiable information or sensitive data has been disclosed publicly. The attack date is recorded as May 21, 2025, suggesting the breach was identified and announced immediately following the compromise.

The page features a cybersecurity screenshot illustrating potentially affected files or internal data, but explicit content details are not provided. No external press reports or additional disclosures are available. The victim was targeted by an infostealer, albeit with no evidence of external third-party involvement or employee data exposure. The incident’s description remains general, emphasizing the attack’s discovery and the leak’s availability via the provided link without revealing sensitive information.