[SAFEPAY] – Ransomware Victim: mccn[.]org
Ransomware Group: SAFEPAY
VICTIM NAME: mccn[.]org
NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.
AI Generated Summary of the Ransomware Leak Page
The ransomware leak page pertains to an educational organization with the domain mccn.org located in the United States. The compromise was publicly disclosed on June 23, 2025. The attack is attributed to the threat group identified as “safepay.” The incident involves an infostealer that targeted a single user, with no known employees or third-party vulnerabilities involved. A screenshot of the affected system’s status is available, providing visual insight into the breach. The leak page does not specify the type of data compromised, but the presence of an infostealer suggests sensitive information may have been exfiltrated. Data leaks and potentially sensitive internal information could be accessible through the provided claim URL, although specific files or details are not directly disclosed in the summary.
The page includes a visual screenshot illustrating the incident, indicating an attempt to inform or notify stakeholders about the breach. The attack affects the organization’s domain in the education sector, emphasizing the importance of cybersecurity awareness in such institutions. The incident date marks a recent breach, and the leak appears to be part of ongoing cybercriminal activity targeting educational organizations. No personally identifiable information or sensitive employee data appears to have been compromised, but vigilance remains essential. The threat group “safepay” is linked to this attack, highlighting the need for monitored threat intelligence and proactive security measures against similar future incidents.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
