Ransomware Group: SAFEPAY

VICTIM NAME: welcometosedgebrook[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page associated with the victim website indicates that the incident was discovered on June 14, 2025. The attack targeted the domain “welcometosedgebrook.com” and was attributed to the threat group “safepay.” Notably, there is no specific information available regarding the activity sector of the victim or their geographical location. The incident involved a data breach, with the attacker claiming potential access to some information or systems. The page includes a screenshot that appears to showcase internal or leaked content, giving a visual impression of the compromised data. No detailed technical data or personally identifiable information was disclosed in the leak summary.

The leak page provides a claim URL hosted via an onion service, suggesting an effort to maintain anonymity. The claim URL links to a page purportedly related to the breach, but no additional sensitive or PII data is accessible or displayed publicly. The group behind the attack, “safepay,” appears to target entities with a focus on extortion or data exposure tactics. Although no explicit data or download links are shared publicly, the image included hints at the leak of internal documents or screenshots, emphasizing the seriousness of the breach. Overall, the incident highlights the ongoing threat landscape where even companies with limited publicly available activity details are vulnerable to sophisticated ransomware operations.