Ransomware victim disclosure
← All victimsNoble Construction Group, LLC
listed as ncgllc.com · Claimed by Devman · listed 10 months ago
Status timeline
- ListedSep 29, 2025
- Data leakeddate unknown
At a glance
- Group
- Devman
- Status
- Data leaked
- Country
- United States
- Sector
- Education
- Listed on leak site
- Sep 29, 2025
About the victim
AI dossier — public-source company profileNoble Construction Group, LLC is a mid-sized construction management and general contracting company headquartered in Secaucus, NJ, with an additional office in Kissimmee, Florida. The company serves commercial, industrial, high-rise residential, and hospitality sectors, providing pre-construction planning, cost evaluation, and full construction management services. It operates in the greater New York City metropolitan area and Florida markets.
- Industry
- Construction Management & General Contracting
- Address
- 1 Harmon Plaza #1004, Secaucus, New Jersey 07094
- Employees
- 51-200
Attack summary
Severity: high — Data has been confirmed as published by the threat actor following a ransomware attack on a construction management firm, indicating successful exfiltration of potentially sensitive business and project data, including possible financial and personnel records.The devman ransomware group claims to have attacked Noble Construction Group and published data with a stated ransom demand of $100,000 USD. The disclosed status indicates data has been published, suggesting exfiltration of company data.
Data the group says was taken
AI dossier — extracted from the leak post- Business documents
- Project files
- Contact information
- Financial records
- Employee data
What the group claims
Ransom: 100000 USD
Sources
Source
Indexed 10 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

