Ransomware Group: SAFEPAY

VICTIM NAME: paradiseschools[.]org

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak page associated with Paradise Schools, a network of K-12 charter schools based in Surprise, Arizona, was discovered on January 25, 2025. The organization has been providing educational services since 1997 and encompasses three institutions: Paradise Honors High School, Paradise Honors Middle School, and Paradise Education Center. Their curriculum is designed to align with both state and national educational standards, aimed at fostering creativity, critical thinking, and character development in an inclusive environment. The leak does not provide specific compromise dates but confirms the information was extracted and published on the same day it was discovered.

The extracted information indicates that the leak involved a substantial amount of data concerning the institution’s connections, specifically 11 external partners and related domains. Notably, the leak page indicates no internal employee data was compromised. Furthermore, the presence of a significant number of third-party associations raises concerns regarding potential vulnerabilities. Although no sensitive images or detailed documents are revealed in the leak, the website serves as a repository for the leaked data, where access via a provided onion link might expose further sensitive information. The current status of affected parties, including users potentially at risk, remains unspecified.