The Safepay ransomware group claims to have breached Chemstress, a full-service engineering and construction firm based in the United States. Chemstress, founded in 1965, specializes in industrial, chemical, petrochemical, and manufacturing facilities, offering end-to-end services from front-end engineering to construction management. The company employs a workforce of approximately 100–200 professionals and manages a broad portfolio of projects across sectors such as power generation, polymers, and food & beverage manufacturing.
According to the actor, the company has been compromised and listed on their extortion portal with a publication deadline. While the group has not yet publicly itemized specific file trees in the provided proof, Safepay typically employs double-extortion tactics, implying the exfiltration of sensitive internal data prior to encryption.
