Ransomware Group: DEVMAN

VICTIM NAME: www[.]paragonradiology[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the DEVMAN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware incident targeting the healthcare organization associated with the domain www.paragonradiology.com was discovered on May 23, 2025. The attack involved extensive data encryption, with all files on the affected systems encrypted and records stolen, indicating a severe data breach. The threat actors demanded a ransom, with the claimed value estimated at approximately $200,000 USD. The attack was attributed to a group identified as “devman,” which is known for targeting critical infrastructure and healthcare services. The incident underscores the significant impact such breaches can have on patient data and operational continuity in the medical sector. Although no specific details about the internal content or compromised data are publicly disclosed, the incident highlights the importance of cybersecurity measures to protect sensitive healthcare information.

The attack involved the encryption of all stored files and the theft of records, demonstrating a double extortion tactic. The breach appears to be part of a broader campaign, with the perpetrators claiming the ransom amount in their communication. The attack’s discovery date and the attack date coincide, suggesting immediate detection. No screenshots or additional data leaks are publicly visible. The incident raises concerns about vulnerabilities in healthcare systems and emphasizes the need for robust security protocols to prevent similar attacks in the future. The organization affected operates within the United States healthcare sector, which makes it particularly critical given regulatory requirements for patient data security.