Ransomware Group: DEVMAN

VICTIM NAME: lantro[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the DEVMAN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to a cybersecurity incident involving a technology sector entity identified as lantro.com, located in Belgium. The attack was detected and disclosed on May 31, 2025. According to available data, the victim’s network was compromised, resulting in a complete lockdown of the network infrastructure. Approximately 60 gigabytes of files were stolen during the breach, indicating a significant data exfiltration event. The incident involved the deployment of malicious information-stealing tools, notably Lumma and StealC, which targeted employee and third-party information. The attackers are linked to a group known as ‘devman’ and have claimed financial gains approximately valued at 1.1 million USD from this operation. There is evidence that the attackers may have accessed multiple third-party domains, increasing the scope of the breach and potential data exposure.

The leak page suggests the attackers have potentially disseminated sensitive information and raw data obtained from the compromised systems. Though no explicit screenshots or detailed evidence are included, the mention of stolen files and the focus on network lock-down imply the presence of compromised internal data, possibly including confidential business information. The hacker group has provided a specific URL for further claims or details, but no press releases or additional public statements are listed. Notably, the victim’s activity is classified under technology, and the incident occurred in Belgium, highlighting the cross-border nature of modern cyber threats. The minimal number of employees affected indicates a targeted attack aimed at critical infrastructure or sensitive information within a relatively small organization.