Ransomware Group: SAFEPAY

VICTIM NAME: accademia[.]it

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak targeted an educational institution based in Italy, identified by the domain “accademia.it”. The attack was publicly disclosed on July 16, 2025, and the group responsible is believed to be “safepay”. The leak includes visual evidence such as a screenshot of internal documents or data, which is publicly available through a linked image. The group claims the breach involved an infostealer component, but no specific details about compromised employee or user data are provided. The website associated with the victim remains accessible, and the leak appears to involve sensitive internal information related to the institution’s operations.

The leak page indicates the attackers have publicly shared access to some of the stolen data, possibly including confidential files or internal communications. The disclosure serves as a warning of the security breach and aims to pressure the victim into paying a ransom. The event underscores the growing threat posed to educational institutions from cybercriminal groups leveraging ransomware and data theft tactics. The incident highlights the importance of robust cybersecurity measures to prevent similar attacks, especially on organizations housing sensitive or critical data. The presence of a link allows interested parties to review additional details or negotiate with the attackers, although no further specifics are provided here.