Ransomware Group: SAFEPAY

VICTIM NAME: lewis-manning[.]org[.]uk

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to the UK-based website lewis-manning.org.uk, which was attacked on July 7, 2025. The attack was identified and disclosed shortly afterward, with the incident linked to a group known as “safepay.” The page includes a screenshot showing internal information related to the victim, though specific details have been redacted for privacy and security reasons. The leak appears to involve a threat to release or has already released some data; however, the exact nature of the compromised information has not been explicitly disclosed. The attack date, discovered timestamp, and associated URLs are publicly available, but no sensitive or personally identifiable data is exposed in the leak summary.

The victim is a UK-based organization with no publicly identified employees or third-party associations at the time of the breach. The incident’s attack date indicates a recent cybersecurity event, and the leak is linked to a group actively engaged in ransomware operations. A notable feature of this leak is the presence of a screenshot, which suggests internal details have been captured, possibly to show proof of breach or for promotional purposes. No further detailed information or files have been explicitly shared in the leak summary, and there are no apparent links to additional compromised data or ongoing digital activity beyond the disclosed attack timestamp.