Ransomware Group: DRAGONFORCE

VICTIM NAME: GEA Consulting Engineers

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the DRAGONFORCE Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

GEA Consulting Engineers, a United States–based engineering firm founded in 1996 and headquartered in New York City, is identified as a victim on a ransomware leak page. The company operates in the Business Services sector, specializing in the design of mechanical, electrical, plumbing, and fire protection systems for other businesses in the area. The leak post asserts that sensitive information — including financial documentation and client data — has been exfiltrated from GEA Consulting Engineers’ network. It frames the incident as a data-leak event rather than solely as an encryption incident. The post is dated August 23, 2025, and since no compromise date is provided on the page, this date is treated as the post date. The page notes the presence of a claim URL, indicating a channel for response or negotiation, but no ransom amount or deadline is disclosed in the visible content. The post contains no screenshots or images.

Metadata tied to the leak page shows there are no downloadable files, no images attached, and no external links beyond the claim URL, which is present on the page. The narrative centers on GEA Consulting Engineers as the victim, with background details describing the firm’s NYC base and its service focus on systems design for other businesses. There is no stated data volume or specific ransom figure in the accessible content. Overall, the leak page presents a ransomware-related data-leak scenario affecting the victim name, with the post date serving as the temporal marker for the disclosure.