Ransomware Group: SAFEPAY

VICTIM NAME: horanbarker[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak page pertains to a ransomware incident involving the website horanbarker.com, which is associated with the attack group known as Safepay. The attack date is recorded as July 22, 2025. The page does not specify details about the activity or industry of the victim, nor does it provide information about the number of employees or the nature of data compromised. The site includes a screenshot that appears to display an internal document or related graphic content, but no sensitive or explicit information is publicly disclosed. The incident was discovered and documented shortly after the attack date, confirming the breach status.

The ransom leak page mentions that there is no publicly available information regarding the victim’s industry or geographic location. The attacker claims to have obtained data from the targeted site, which may include internal files or data snippets, though specifics are not provided within the leak summary. The page provides a claim URL, which is accessible via the dark web, indicating a link to the leak or ransom demand. No personal or PII data has been revealed publicly, and the incident appears to be associated with the Safepay ransomware group, a known threat actor. The page offers a visual snapshot, hinting at the presence of visual evidence or leaked internal content, but it does not include any explicit details of the files or data compromised.