Back to Blog
high severity November 18, 2025 · scope unconfirmed

adesursas.com Listed by safepay Ransomware Group

Adesur SAS is a Colombian company based in Pasto, Nariño, that operates in the wholesale distribution of agricultural and veterinary …

⚠ Were you affected?
Free email scanner — we check your address against 15.4B+ leaked records in 15 seconds.
Run free scan →
Severity High
Disclosed November 18, 2025
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On November 18, 2025, the ransomware group Safepay added adesursas.com to its leak site and began publishing what it claims are internal files stolen from Adesur SAS, a wholesale distributor of agricultural and veterinary products based in Pasto, Nariño, Colombia.

Confirmed Facts from Reporting

Public reporting indicates the company was hit by a ransomware attack in which attackers exfiltrated internal files before encrypting systems or demanding payment. The Safepay leak site lists the incident and has started releasing samples of the stolen data. Exact victim numbers remain unknown, but the breach involves corporate records that can contain names, contact details, financial information, and supplier or customer data from a regional distributor serving farms and veterinary practices across southern Colombia. No confirmed timeline of the initial intrusion has been released, though ransomware groups typically exfiltrate data weeks before public posting.

Why This Matters for You and Your Family

When a company like Adesur SAS is breached, the information it holds about ordinary customers, suppliers, and employees can end up in the hands of criminals. If you or anyone in your household has done business with agricultural or veterinary suppliers in the region, your name, address, phone number, email, or payment records may now be exposed. Stolen contact details and business records are frequently resold on underground forums and used to launch phishing, identity theft, or follow-on extortion attempts against individuals. Even if you were not the primary target, one leaked record is often enough to start a chain of attacks that reach your family.

The Doxxing and Identity-Chain Risks

Ransomware leaks rarely stop at the first company. Criminals use exposed emails, phone numbers, and customer lists to map connections between accounts, social-media handles, and real-world identities. A single credential from this breach can unlock personal email, online shopping accounts, or gaming logins. Once attackers control one account, they pivot to others, harvesting more data and eventually building a complete profile. This identity-chain process turns a corporate breach into personal doxxing that can expose your home address, family relationships, and children’s online activity. Credential leaks like this one frequently cascade into account takeovers precisely because the same passwords and recovery details are reused across work, personal, and gaming services.

Safepay’s Publicly Known Track Record

Public reporting attributes the Safepay ransomware group with emerging in mid-2024. The group has claimed responsibility for attacks on mid-sized companies across Latin America, Europe, and North America, with a focus on distributors, manufacturers, and service firms. Its typical playbook involves initial access through phishing or exploited remote desktop services, followed by data exfiltration over several days, deployment of ransomware, and then dual extortion: demanding payment to decrypt files while threatening to publish stolen data on its leak site if the ransom is not paid. Safepay maintains an onion-site blog where it posts victim names and sample data to pressure targets, a pattern consistent with its prior incidents.

What to do

  • Run a DoxxScan to map every link between your emails, phone numbers, handles, and real identity so you can see exactly what this breach exposes about you and your family.
  • Rotate any password you used at adesursas.com or related supplier portals anywhere else it is reused, and switch to 2FA through an authenticator app rather than SMS.
  • Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next time your information appears it is caught and addressed within hours, not months.
  • Cover the entire household with DoxxScan family protection that extends to dependents and children’s gaming accounts, which are often the weakest link in these credential cascades.
  • Let remediation specialists handle takedown requests for any personal records that surface on data-broker or underground sites.

The incident shows how quickly a regional business breach can become a personal privacy problem for the families whose data travels with it. Taking concrete steps now limits how far attackers can follow the chain. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping, and hands-on remediation by specialists, with household coverage that includes children’s gaming accounts. Start your DoxxScan trial today to close the gaps this leak has opened.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.