Ransomware Group: SAFEPAY

VICTIM NAME: sfhumanesociety[.]org

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page details an incident involving the San Francisco Society for the Prevention of Cruelty to Animals (SFSPCA), a well-known animal welfare organization established in 1868. The attack was publicly disclosed on May 30, 2025, and the incident is associated with the threat group “safepay.” The organization operates in the United States and primarily provides services related to animal adoption, veterinary care, and community education. The leak includes visual evidence such as a screenshot linked on the page, which appears to display internal information or communications. No specific compromised data or PII has been publicly detailed, but the leak indicates a potential breach of organizational information.

The attackers claim to have accessed and possibly exfiltrated data from the victim’s systems, which could include internal documents or operational information related to the organization’s activities. The threat actor has listed a claim URL, likely for verification or negotiation purposes, and the page suggests that the incident was detected and disclosed immediately. The nature of the attack appears to be part of a broader campaign targeting organizations in the public sector, aiming to pressure victims into paying ransom or risking further disclosure of sensitive information. No personal or financial PII of individuals or employees has been explicitly exposed within the available information.