Ransomware Group: DEVMAN

VICTIM NAME: www[.]braswellsvc[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the DEVMAN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On the leak page attributed to the Devman group, the victim is www[.]braswellsvc[.]com, a US-based company operating in the Business Services sector. The post states that www[.]braswellsvc[.]com suffered a ransomware incident resulting in data exfiltration, with the attackers claiming about 300 GB of data has been exfiltrated and a ransom demand of 120,000 USD. The page is dated September 29, 2025, and in the absence of a separate compromise date this date is treated as the post date. A claim URL is indicated on the page, suggesting a verification mechanism for the attackers’ claims. The post also notes that 25 screenshots/images accompany the leak, and no direct file downloads are offered on the page.

The leak includes 25 image attachments, which appear to be screenshots or screen captures related to internal material, hosted on a Tor onion service. The exact contents of the images are not described in the summary, but their volume indicates an effort to provide tangible proof of suspected exfiltration alongside the ransom note. The surrounding text references various data-size claims and time-limited prompts, with mentions of future updates (for example, a note about “V2.1 is out in 1 week”). The post also outlines negotiation terms, including a minimum deposit to engage, and calls for private-forum communication with a group representative to proceed with negotiations.

Overall, www[.]braswellsvc[.]com appears to be a victim of a data-exfiltration and extortion operation conducted by the Devman group. The content reflects standard ransomware-leak patterns: a ransom demand, claimed exfiltrated data volumes, visual evidence in the form of image attachments, and a forum-based negotiation workflow. While no direct contact details for the victim are provided here, the leak page emphasizes the risk of public data release if demands are not met and underscores ongoing extortion activity typical of modern double-extortion campaigns.