Ransomware Group: SAFEPAY

VICTIM NAME: visco[.]de

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to a German-based company specializing in multimedia and internet services, known as visco.de. The attack was publicly disclosed on May 30, 2025, and the data breach involved malicious actors from the group labeled “safepay.” The company’s activities include website development, e-commerce systems, mobile applications, and digital automation solutions. Their business model focuses on providing customized digital services, complemented by SEO offerings to enhance online presence. The leak suggests that sensitive operational data or internal information may have been compromised, with the page including a screenshot of their internal interface or documentation. Download links or leaked data sets are indicated, although specific details are not provided to the public. The attack highlights potential vulnerabilities within digital service providers and underscores the importance of cybersecurity measures for such organizations.

The incident was discovered on the same day it was announced, indicating prompt detection. The threat actor associated with this leak is part of the “safepay” group, which has been linked to various cyber extortion campaigns. The leak does not specify PII or customer data; instead, it features general internal content that may include proprietary processes or technical configurations. The inclusion of a screenshot suggests visual evidence of the breach, possibly depicting internal dashboards or documents. This breach raises concerns about the security of digital service platforms and emphasizes the need for rigorous cybersecurity protocols to mitigate future attacks. Although the targeted company’s size appears minimal in terms of employee count, the breach could still expose critical operational details.