Ransomware Group: SAFEPAY

VICTIM NAME: hurst-schroeder[.]de

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to the victim domain “hurst-schroeder.de” located in Germany. The incident was publicly disclosed on April 16, 2025, with the attack date also recorded as April 16, 2025. Information about the activity or industry of the victim is not available, and the description provided appears to be generated by AI, indicating no specific details are provided about the nature of the data breach or compromised systems. The page includes a link to the claim portal hosted on a dark web .onion address, where further details or confirmation of the attack may be found.

No sensitive personal or corporate information has been published on the leak page. There are no reports of leaked data, screenshots, or visual content. The incident is associated with the “safepay” group, and preliminary analysis suggests that the attacker may have used an infostealer malware for data extraction; however, detailed statistics regarding affected employees or third parties are not provided. The publicly available evidence indicates an effort to claim or verify the attack, but no customer data or internal documents are openly visible or shared.