[DEVMAN] – Ransomware Victim: g*e*g*o**l[.]com
NOTE: No files or stolen information are exfiltrated, downloaded, taken, hosted, seen, reposted, or disclosed by RedPacket Security. Any legal issues relating to the content should be directed at the attackers, not RedPacket Security. This blog is an editorial notice informing that a company has fallen victim to a ransomware attack. RedPacket Security is not affiliated with any ransomware threat actors or groups and will not host infringing content. The information on this page is automated and redacted whilst being scraped directly from the DEVMAN Onion Dark Web Tor Blog page.
AI Generated Summary of the Ransomware Leak Page
On October 28, 2025, a leak page attributed to the DevMan ransomware group identified g*e*g*o**l.com as a victim. The page frames the incident as a data theft and encryption event, explicitly labeling the attack as “Ransom: oracle theft” and listing a figure of 400k in the description. The post date aligns with the page publication, and no explicit compromise date is provided beyond the timestamp. The leak page also hosts a sizable gallery of visual attachments (37 image entries in total) that appear to be screenshots or thumbnails of internal materials. The image assets are referenced as hosted on Tor-based infrastructure, but their direct addresses are not reproduced here. The focus of the write-up remains the named victim; other company names seen in the attached visuals are not the subject of this summary.
The body excerpt of the leak presents a sequence of ransom-related figures and data-volume notes, suggesting exfiltration activity and escalating demands. The text includes multiple lines that reference data sizes and USD figures, with countdown-style lines such as “Time remaining: 4 days, 18 hours, 32 minutes, 15 seconds” and similar variants, consistent with ransomware double-extortion patterns. The page also contains a bilingual block in English and Russian. The Russian portion describes a campaign to protect CIS-region companies from such incidents and invites individuals with access to systems in Ukraine, Russia, Georgia, or CIS-owned companies to contact the group with the promise of compensation; it cautions against brute-forcing or using stealers and notes that access will be deactivated after it is handed over. It further teases a forthcoming version (V2.1) and directs interested parties to contact a forum handle, stating a data-volume threshold (e.g., at least 100 GB) for participation. The post remains centered on the victim name, while the accompanying images appear to illustrate internal materials or references, without enumerating additional target names in this summary.
