Ransomware Group: DEVMAN

VICTIM NAME: ncgllc[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the DEVMAN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

ncgllc[.]com, an educational organization based in the United States, is named as the victim on the leak page attributed to the ransomware group “devman.” The post frames the incident as a data-leak operation rather than a pure encryption event and states a ransom demand of 100,000 USD. The page presents a series of claimed data-exfiltration metrics, interwoven with countdown-style prompts that imply deadlines for negotiation or payment. These elements align with common double-extortion patterns in which attackers threaten to publish stolen data if negotiations fail. The post date in the dataset is September 29, 2025; no separate compromise date is provided, so this date is treated as the leak’s publication date. The page clearly identifies ncgllc[.]com as the victim, while other company names appearing in the text are not the focus of this summary.

The leak page includes twenty image attachments that appear to be screenshots or internal-document captures intended to illustrate the attackers’ claims. No direct downloads or external links are listed on the page. The body excerpt contains negotiation-oriented language and instructions to contact the attackers via private messages, including a stated minimum data volume requirement (at least 100 GB) to proceed. Taken together, the materials underscore the education sector as the affected industry and highlight the ongoing ransomware threat to institutions that manage sensitive information, such as student records.