Ransomware Group: DEVMAN

VICTIM NAME: NSSF KENYA /nssf[.]zip – first samle /nssfwriteup[.]html – writeup

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the DEVMAN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to the organization identified as NSSF Kenya. The attack was discovered on June 7, 2025, and involved a significant data breach with an estimated value of 4.5 million USD. The threat actors claim to have encrypted all devices and exfiltrated approximately 2.5 terabytes of data, including sensitive information. The attackers have set a 24-hour deadline for contact before publicly revealing the organization’s name. The leak includes screenshots indicating internal documents or systems, and the compromised data appears to involve financial or personnel records. Additional details specify that the victim is from Kenya, with no activity explicitly listed. The attackers are from the group known as “devman,” and the incident emphasizes the severity of the cybersecurity breach.

Further specifics provided in the leak suggest that the malicious actors have stolen data stored in the file /nssf.zip, accompanied by a writeup available at /nssfwriteup.html. The attackers demand ransom payment, warning of potential public exposure if demands are not met within the specified timeframe. No contact information is publicly shared, but the leak indicates a clear intent to pressure the victim into cooperation. The attack highlights the ongoing threats facing organizations within the financial or social security sectors in Kenya, underscoring the importance of robust cybersecurity measures to prevent such incidents. No personally identifiable information has been disclosed from the leak, focusing instead on the nature and scope of the breach.