Ransomware Group: DEVMAN

VICTIM NAME: naturmaelk[.]dk

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the DEVMAN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

naturmaelk[.]dk is identified as the victim on a ransomware leak page attributed to the group known as devman. The page clearly frames the incident as a data-leak/extortion event rather than a simple encryption incident and lists a ransom demand of 550,000 USD. The post is dated 2025-10-06, which is treated as the post date since no separate compromise date is provided. The leak page signals that data exfiltration has occurred and cites a broad range of claimed data volumes—spanning hundreds of gigabytes to multiple terabytes—though the figures appear inconsistent and used to pressurize the victim. A countdown timer labeled “Time remaining” is visible, adding urgency to the negotiation scenario, and the page notes that a claim URL is present to facilitate claim verification or negotiation. Included on the page is a gallery of 36 image attachments, described only in general terms as screenshots or scans of internal documents and data artifacts; these images are hosted on onion-network servers, consistent with typical ransomware leak sites.

The body text accompanying the leak post presents a mosaic of extortion-era claims, listing numerous data-volume figures and references to data that has been exfiltrated or stolen. The description clearly centers on ransom-driven pressure, with the stated amount of 550,000 USD acting as the focal point of the negotiation. The page also contains recruitment-like and negotiation-related language, including a forum-based contact channel for private messaging and a note suggesting that specific data volume details must be provided to proceed. The combination of a sizeable image gallery and a formal claim mechanism indicates attackers aiming to prove breach activity while also steering negotiations and potential public release of the data. Taken together, the page depicts a data-leak scenario consistent with double-extortion tactics observed in contemporary ransomware campaigns, underscoring ongoing risk to naturmaelk[.]dk and similar organizations in the agriculture and food production sector.