Ransomware Group: SAFEPAY

VICTIM NAME: moffett-towers-club[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to an incident involving a victim identified as moffett-towers-club.com, located in the United States. The attack was discovered and publicly disclosed on June 14, 2025. The attackers, associated with the group “safepay,” have leaked information related to this victim. The breach includes details about infostealer activity involving tools such as Lumma and RedLine, with data reportedly accessed from seven user accounts. The leak includes a screenshot of the compromised system, which appears to show internal data, though no explicit or sensitive PII is visible in the summary. The incident highlights the ongoing threat posed by cybercriminal groups targeting various organizations, regardless of activity status. It is notable that the data shared does not contain any personally identifiable or sensitive information, but serves as an example of the methods used by threat actors to expose vulnerabilities.

The leak page includes a link to a dark web claim URL, possibly hosting further details or data excerpts. The included screenshot shows visual evidence of the breach, which may involve internal system screenshots or related material for proof of compromise. The attack date confirms that the breach occurred earlier in June 2025, and ongoing monitoring or investigation is likely ongoing. Overall, this incident demonstrates the importance of cybersecurity vigilance, even for organizations that may be listed as inactive or non-critical. No additional press or public statements are associated with this leak, emphasizing the covert and targeted nature of this type of cyber extortion activity.