Ransomware Group: DRAGONFORCE

VICTIM NAME: Rothmann Immobilien

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the DRAGONFORCE Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

Rothmann Immobilien is listed as the victim on the leak page and is described as a small real estate firm operating in Germany, with 1 to 4 employees and annual revenue in the range of 1 to 5 million. The page shows a post date of 2025-09-26 17:48:28.815173; in the absence of a separate compromise date in the supplied data, this timestamp is treated as the leak’s post date. The description begins with the phrase “(Client data inside),” indicating that client-related information is claimed to be included among the leaked materials. The available data does not provide an explicit designation of impact (such as “Encrypted” or “Data leak”).

According to the metadata, the leak page contains no screenshots or images, and there are no downloadable files or external links listed in the data. A claim URL is indicated as present on the page, suggesting there is a channel for victims to respond or verify the breach; however, the actual URL is not shown in this summary. No ransom amount or explicit monetary demand is disclosed in the provided fields.

In summary, Rothmann Immobilien is identified as the victim within a real estate context, with a small workforce and modest revenue. The page’s post date is 2025-09-26 17:48:28.815173, treated here as the publication date since no separate compromise date is provided. The entry contains minimal media and no visible attachments in the data available, and no ransom figure is stated. The presence of a claim URL implies an avenue for further action, while the limited data underscores the need for cautious monitoring of any future disclosures related to this incident.