[DEVMAN] – Ransomware Victim: r*p**fl*wa*ps[.]com

AI Generated Summary of the Ransomware Leak Page

On October 28, 2025, a ransomware leak post was published by the actor group devman, targeting the technology sector victim r*p**fl*wa*ps.com. The post frames the incident as a data theft and exfiltration event rather than a traditional encryption scenario, consistent with double-extortion campaigns. The description field notes “Ransom: oracle theft” with an associated amount of 200k. The body excerpt provides a long, ledger-like list of data-thief claims, mentioning various data volumes (from tens of gigabytes to hundreds of gigabytes) alongside numerous monetary figures—ranging from thousands to several millions of dollars—suggesting a broad and evolving ransom footprint. The page also indicates that a claim URL is present, presumably to verify the claim or facilitate payment. In addition, the leak includes a gallery of 37 image attachments, which appear to be screenshots or internal documents; these assets are hosted on onion addresses and are not displayed here in full.

The post presents bilingual content, with a substantial English section and a Russian segment. The English portion reads as a standard data-leak announcement, while the Russian text conveys a recruitment-style message tied to perceived regional needs, including a call for individuals with access to systems in Ukraine, Russia, Georgia, or CIS-owned companies to provide access, for which the authors promise compensation. A contact method is referenced but, for safety, is redacted in this summary. The Russian portion also includes cautions about not endorsing brute-forcing or the use of stealers, and it mentions ongoing development (a note about V2.1) and a requirement that any participating target suppliers provide data volumes of at least 100 GB. Taken together, the content illustrates a multi-lingual, data-leak-centric operation aimed at both exfiltration disclosure and recruitment, with r*p**fl*wa*ps.com identified as the focal victim.