Ransomware Group: DRAGONFORCE

VICTIM NAME: Wedlich

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the DRAGONFORCE Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to a company operating in Germany, identified as Wedlich. The incident was discovered on August 4, 2025, and appears to involve the group known as Dragonforce. The company was established as a full-service logistics provider, initially based in Bayreuth until 2023, and has been offering nationwide services in commercial real estate, project planning, and development since 2024. The page indicates that relevant data has been compromised, though specific details about the extent of the breach are not provided. The leak includes a screenshot showing internal content, which suggests that sensitive information and potentially operational data may have been accessed and released.

The leak page is part of a larger operation aimed at exposing corporate information or causing disruption. Notably, there is no specific information about the compromise date aside from the discovery date, which is August 4, 2025. The group responsible for the attack, “Dragonforce,” is known for targeting organizations with ransomware. Additional technical or internal details are not disclosed, but the presence of a screenshot points to the potential for leaked internal documents. No personal identifiers or PII related to employees or clients are included in the available information. The leak site provides a claim URL for further details, though it is hosted on the dark web, emphasizing the clandestine nature of the incident.