[SAFEPAY] – Ransomware Victim: schoenundendres[.]de
Ransomware Group: SAFEPAY
VICTIM NAME: schoenundendres[.]de
NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.
AI Generated Summary of the Ransomware Leak Page
The ransomware leak page details an incident involving the victim domain “schoenundendres.de,” which is based in Germany. The attack was publicly disclosed on May 29, 2025, with the threat actors indicating they have exfiltrated data from this target. The specific activity type remains unspecified. The leak includes a screenshot of what appears to be internal documents or data, providing visual evidence of the breach. While no detailed information about the compromised data is available, the page indicates that data has been leaked or potentially published on the dark web platform associated with the attack. The claim URL points to a dark web site where further details or proof of the data breach may be accessible to authorized observers.
The incident is attributed to the “safepay” threat group, with no indication of information regarding employee or user data, suggesting that only certain types of data may have been affected. The attacker has not listed any third-party involvement or additional data leaks at this time. The presence of a screenshot suggests that evidence of attempted or completed data exfiltration has been documented visually. Overall, the leak page provides a basic summary and visual proof of the breach, emphasizing the seriousness of the incident without sharing sensitive or personally identifiable details.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
