Ransomware Group: DEVMAN

VICTIM NAME: teeuwissen[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the DEVMAN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

teeuwissen[.]com, a Netherlands-based organization operating in the Agriculture and Food Production sector, is identified as a ransomware leak victim in a post dated October 3, 2025 at 23:20:15. The leak page is attributed to the DevMan group and presents the incident as a data exfiltration event accompanied by an extortion demand. The page’s description lists a ransom of 370k and an asserted data volume of 80GB, implying a USD 370,000 demand tied to roughly 80 gigabytes of allegedly stolen data. The body text comprises a long sequence of figures tied to data volumes and ransom amounts, suggesting a broad extortion narrative with multiple claimed exfiltrations and corresponding demands. A claim URL is present on the page, and negotiation instructions direct victims to contact the attackers via private messages on a forum. The content centers on data theft and potential public release rather than an explicitly stated encryption outcome; there is no explicit confirmation that teeuwissen[.]com’s systems were encrypted.

The leak page includes a substantial collection of image attachments—36 screenshots of internal documents—purportedly illustrating the compromised data. These images are presented as visual evidence of the breach and are referenced via onion-hosted resources; the actual image URLs are not reproduced here. In addition to the imagery, the page contains forum-style extortion messaging, including a call for negotiation and a note about a minimum deposit for engagement, as well as mentions of forthcoming updates (e.g., a V2.1 release). The overall presentation signals a data-leak extortion operation targeting teeuwissen[.]com, using documentary-style attachments and a countdown to pressure the victim into payment.