Ransomware Group: SAFEPAY

VICTIM NAME: jockeysalud[.]com[.]pe

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page related to the healthcare institution “Jockeysalud.com.pe” indicates a serious security incident that occurred recently. The organization, based in Lima, Peru, is known for its commitment to providing high-quality health services, including specialized healthcare, preventive medicine, medical examinations, nursing services, and emergency care. The leak suggests that sensitive information has been exposed, raising significant concerns over data privacy and patient confidentiality. No specific compromise date was available; however, the page was discovered on March 11, 2025, with additional post details published shortly after. This health institution employs approximately 423 individuals and serves a user base of 185, indicating a sizable operation within the healthcare sector.

The leak page provides an overview of various data theft methods employed by infiltrators, detailing several infostealer tools such as RedLine and Lumma, which have compromised varying amounts of data from the organization. The page includes various statistics about the type and amount of sensitive information accessed, showcasing the active threat landscape facing healthcare institutions today. Additionally, the leak page contains a screenshot, likely depicting internal documents, which further underscores the range of data exposed. There were mentions of third-party domain involvement as well, indicating potential wider implications for the cybersecurity posture of associated entities. The presence of links for downloading information was noted, but specific details regarding these downloads remain undisclosed.