Ransomware Group: DEVMAN

VICTIM NAME: r3consulting[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the DEVMAN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

r3consulting[.]com, a US-based technology company, appears as the victim on a ransomware leak page. The post is dated September 29, 2025. Attackers claim to have exfiltrated 400 GB of data from r3consulting[.]com and are demanding a ransom of USD 350,000. The page frames the incident as a data-leak event rather than a traditional encryption attack, which aligns with double-extortion tactics that threaten to publish stolen information. The activity is attributed to the group named devman. A claim URL is indicated on the page, and negotiations are directed through private forum messages to a user identified as DevManager. The body excerpt contains extortion-style language with multiple data-volume references, reinforcing the impression of a data-leak operation. No separate compromise date is provided beyond the publish date.

The leak page includes 22 image attachments described as screenshots, intended to illustrate internal documents or related materials tied to the claimed theft. No direct downloads are offered on the page. The page also provides a claim URL and instructs victims to contact the attackers via private forum messages to begin negotiations, with a stated minimum data volume requirement (at least 100 GB). The victim preserved for reporting is r3consulting[.]com, and the page situates the incident within the Technology sector in the United States, attributed to the devman group.