Ransomware Group: DEVMAN

VICTIM NAME: Gobierno del Estado de Colima

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the DEVMAN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to the government of the State of Colima, Mexico, which was affected on May 26, 2025. The attack targeting this public sector entity involved significant data compromise, with the incident disclosed shortly after detection. The compromised system appears to have contained sensitive information related to state operations, though specific details about the content are not publicly detailed in the leak. The incident has been categorized under a malicious group identified as “devman”. The affected organization is involved in public administrative functions, and the attack incident highlights the ongoing threats faced by government agencies in the region. The attacker has leaked parts of the stolen data, potentially affecting internal documents or operational information.

The leak page indicates the presence of multiple infostealer tools used in the attack, including Raccoon, RedLine, Lumma, and others, suggesting widespread credential theft and data exfiltration efforts. The breach has led to the exposure of roughly 978 known users and potentially impacted third-party services associated with the government entity. Screenshots or visual evidence are not publicly available, but the leak hints at further data leaks or downloads accessible through provided links. The attack underscores the vulnerabilities in public sector cybersecurity, especially in government agencies, and highlights the importance of robust defense measures. No personal or PII details have been publicly disclosed in the leak, maintaining a focus on the general scope of the breach rather than specific compromised information.