Ransomware Group: SAFEPAY

VICTIM NAME: wta-inc[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The recent ransomware leak pertains to a company identified as Worldwide Travel Adventures, Inc., operating under the domain wta-inc.com. The attack was publicly disclosed on July 26, 2025, with the compromise date recorded as July 26, 2025. The victim is a travel agency specializing in customized travel packages, offering services such as accommodations, flight bookings, ground transportation, and exclusive tours at exotic destinations worldwide. The leak page does not specify the extent of data stolen but indicates the site is compromised and that data may be available through provided links. The incident was discovered promptly and is associated with the group known as “safepay.” No sensitive employee or user data is confirmed to be involved, and no graphic content has been disclosed publicly.

The leak page includes screenshots of internal documents or data leaks, and likely contains download links or other forms of data exposure related to the compromised system. The company’s activities and services are focused on providing personalized travel experiences, which involve handling client and operational data. The attack’s impact on their operational integrity or client data confidentiality remains unspecified. The location of the company is in the United States, and detailed specifics about the stolen data or the attack vector have not been provided. As part of the security incident, stakeholders are advised to monitor for any further disclosures or updates via the ransomware group’s communication channels.