Ransomware Group: DEVMAN

VICTIM NAME: Feel Four

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the DEVMAN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page concerns a victim identified as “Feel Four.” The attack was discovered on April 20, 2025, and is reported to have involved a ransom demand of approximately 60,000 USD. The page does not specify the nature of the victim’s activity or industry, and no additional details about the victim’s location or country are provided. The leak appears to include an overview of the attack, with the threat actor group identified as “devman.” The extrainfo indicates that the ransom operation is still pending, suggesting ongoing or unresolved negotiations. The page includes visual content, but specific images or screenshots are not provided. Download links or data leak samples are not available for review at this time.

Overall, the leak page provides a brief but informative snapshot of the incident, highlighting key details such as the attack date, the ransom amount, and the involved threat actor group. While no sensitive or personally identifiable information is disclosed, the publication of this data suggests a significant security incident targeting “Feel Four.” The absence of additional context regarding the victim’s industry or specific compromised data limits further analysis. The presence of a screenshot field indicates potential visual evidence or communication artifacts, but this content is not included here. The focus remains on the fact that the attack has been publicly acknowledged, with ongoing developments hinted at by the “pending” status of the ransom.