[DEVMAN] – Ransomware Victim: h*i**c*[.]c*m[.]my
NOTE: No files or stolen information are exfiltrated, downloaded, taken, hosted, seen, reposted, or disclosed by RedPacket Security. Any legal issues relating to the content should be directed at the attackers, not RedPacket Security. This blog is an editorial notice informing that a company has fallen victim to a ransomware attack. RedPacket Security is not affiliated with any ransomware threat actors or groups and will not host infringing content. The information on this page is automated and redacted whilst being scraped directly from the DEVMAN Onion Dark Web Tor Blog page.
AI Generated Summary of the Ransomware Leak Page
On October 28, 2025, a ransomware leak post associated with the group devman targets the obfuscated victim name h*i**c*.c*m.my. The page frames the incident as a data theft and encryption event, asserting that attackers have exfiltrated a substantial amount of data and are demanding a ransom. The post explicitly lists a ransom of 500k and references 60 GB of exfiltrated data, consistent with a double-extortion pattern. A countdown timer is embedded on the page, showing a multi-day window for data release or negotiation, with several instances indicating roughly four days remaining. The leak page notes a claim URL and includes 37 image attachments that appear to be screenshots of internal documents or related materials; these assets are hosted on onion services, though no direct URLs are provided here. The body excerpt presents a dense mix of data points—volumes of data and corresponding ransom figures—accompanied by a bilingual Russian-English section. The published post date is 2025-10-28 17:13:05.879742; the compromise date is not explicitly provided beyond the post date, and the victim name remains the central anchor of this summary.
Beyond the numeric elements, the bilingual content reveals an extortion-oriented approach. The Russian-language portion articulates a program aimed at “protecting” CIS-region companies while soliciting access to other networks in exchange for payment, stating a minimum deposit of 10,000 USD and promising rewards for providing access credentials, while warning against brute-forcing or using stealers in the CIS. The English portion conveys a similar negotiation posture and references a forum-based contact channel, noting a forthcoming program update. Taken together, the material exemplifies a conventional double-extortion tactic: encrypting or exfiltrating data from the victim, threatening public release or negotiation, and attempting to recruit affiliates to broaden the attack surface. The post preserves the victim’s name h*i**c*.c*m.my and includes 37 image attachments to illustrate the claim, with defanged onion-hosted assets referenced in the surrounding content. No compromise date is provided beyond the post date.