Ransomware Group: SAFEPAY

VICTIM NAME: mlderm[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to an online store specializing in skincare products aimed at treating Melasma, a common skin condition. The site, identified by the domain mlderm.com and based in the United States, was compromised on June 23, 2025. The company emphasizes scientific research and professional skincare solutions, although specific activity details are unavailable. The leak includes a screenshot of the compromised website, highlighting the extent of the infiltration. There is mention of data possibly related to internal systems, but explicit information about data exfiltration or the nature of the stolen data has not been disclosed. The breach date indicates recent malicious activity, potentially affecting the company’s operations and customer trust.

The leak page does not specify the type of data stolen or details about the attack methodology. It appears to have been identified through ongoing monitoring, and no personally identifiable information or customer data has been explicitly confirmed as compromised. The organization’s profile indicates no employee or user data was publicly available or leaked at this time. The page includes a screenshot of the website, which suggests visual confirmation of the breach. There are no links to downloadable data or additional evidence of data exfiltration beyond the publicly visible website content. The primary concern remains the potential exposure of proprietary information and internal configurations.