[DEVMAN] – Ransomware Victim: m*c*e*ic*l[.]com
NOTE: No files or stolen information are exfiltrated, downloaded, taken, hosted, seen, reposted, or disclosed by RedPacket Security. Any legal issues relating to the content should be directed at the attackers, not RedPacket Security. This blog is an editorial notice informing that a company has fallen victim to a ransomware attack. RedPacket Security is not affiliated with any ransomware threat actors or groups and will not host infringing content. The information on this page is automated and redacted whilst being scraped directly from the DEVMAN Onion Dark Web Tor Blog page.
AI Generated Summary of the Ransomware Leak Page
On 2025-11-01 23:13:28.746654, a leak post attributed to the DEV MAN group targeted the healthcare sector, identifying m*c*e*ic*l.com as a victim. The page presents a data‑exfiltration narrative rather than a straightforward encryption event, asserting that the attackers have stolen substantial data from the victim’s network and may release or sell it if their demands are not met. The description includes a stated ransom fragment—“Ransom: 50gb” and “100k”—and the body excerpt follows with a long list of data volumes and ransom figures tied to countdown-style prompts (Time remaining: 2 days, 17 hours, 7 minutes, 26 seconds, etc.). The leak page also features a gallery of 40 screenshots or images intended to illustrate internal documents or related material; however, the exact contents of the images are not described in this summary. The post date is treated as the publication date since no explicit compromise date is provided on the page. The listed victim industry is Healthcare.
In addition to the data‑leak claim, the page contains a bilingual extortion message. The English portion invites recovery companies to contact the attackers via a private messaging channel and describes a negotiation pathway for those who can provide access to compromised systems, noting a data volume threshold of at least 100 GB and a minimum USD 10,000 deposit to begin negotiations; it also references a forthcoming version (“V2.1”) and urges being placed on a negotiation list. The Russian portion expresses sympathy for CIS‑region victims and describes a program aimed at protecting CIS‑region companies from such incidents, while still soliciting access and promising rewards for data provided. It also warns against brute forcing or using stealers in the CIS. The post includes a forum‑based contact element and several negotiation parameters, illustrating a multi‑faceted extortion workflow common to contemporary ransomware operators. The overall content underscores the ongoing risk to healthcare organizations from data‑exfiltration campaigns and the evolving tactics used by threat actors.
Support Our Work
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on Patreon or Buy Me A Coffee using the buttons below.
