Ransomware Group: SAFEPAY

VICTIM NAME: cascobay[.]org

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page indicates that the organization associated with the domain cascobay.org, based in the United States, has been targeted in a recent cyberattack. The incident was publicly disclosed on July 7, 2025, which is the same date the threat was discovered. The organization is focused on environmental conservation, specifically improving water quality in Casco Bay through research, advocacy, and protective measures. The leak suggests that sensitive information or data related to the organization may have been compromised as part of the attack, which is associated with the threat group known as SafePay.

The leak includes a screenshot depicting internal content from the victim, although no specific confidential data has been disclosed publicly. The incident appears to be linked to the infostealer malware, which did not seem to involve any known employee or user data at the time of compromise, based on available information. No additional press, third-party involvement, or personal data of employees is reported. The compromise appears to be primarily related to the organization’s website and operational infrastructure, with potential impacts on their environmental conservation activities. Download links or detailed data leaks are not explicitly provided, but the leak’s presence emphasizes the importance of cybersecurity defenses for organizations managing sensitive environmental data.