Ransomware Group: SAFEPAY

VICTIM NAME: itec-gmbh[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page publicly exposes data related to ITEC GmbH, a German company engaged in civil engineering and construction activities. The attack was recorded on April 16, 2025, and the breach appears to target their operational and employee data. It is noted that the leak was discovered shortly afterward on the same day. The compromised information does not include employee details, suggesting that the attacker may have accessed infrastructure or project-related data. The page includes a screenshot indicating the presence of visual evidence of the breach. The leak is associated with a group named ‘safepay,’ which is known for targeting organizations in sectors related to technology and infrastructure. No personal or PII data of individuals is publicly disclosed, but the leak signifies a potential threat to the company’s operational security and confidential project information.

The affected entity, ITEC GmbH, specializes in project management, infrastructure planning, environmental development, and construction supervision. The leak highlights concerns over the security of their internal systems and the possibility of data misuse. The leak’s timing and the group’s activity suggest a targeted attack on the company’s technology infrastructure. No additional external parties or third-party data appear to be involved based on the information provided. The leak’s visualization, including a screenshot, suggests the organization’s internal data or related visual documentation was accessed. This incident underscores the importance of robust cybersecurity measures for companies involved in critical public and private infrastructure projects.