[DEVMAN] – Ransomware Victim: omniumint[.]com
NOTE: No files or stolen information are exfiltrated, downloaded, taken, hosted, seen, reposted, or disclosed by RedPacket Security. Any legal issues relating to the content should be directed at the attackers, not RedPacket Security. This blog is an editorial notice informing that a company has fallen victim to a ransomware attack. RedPacket Security is not affiliated with any ransomware threat actors or groups and will not host infringing content. The information on this page is automated and redacted whilst being scraped directly from the DEVMAN Onion Dark Web Tor Blog page.
AI Generated Summary of the Ransomware Leak Page
On November 11, 2025, a leak post associated with omniumint.com was published by the threat actors and presents the incident as a data theft with data exfiltration. The page claims that roughly 1.2 TB of data has been exfiltrated and that a ransom of 1.2 million USD is demanded. The description also references “one very interesting email” among the leaked materials. The body excerpt reveals a large, disjointed ledger of data sizes (for example, entries such as 120 GB, 60 GB, and 400 GB) paired with monetary figures spanning hundreds of thousands to tens of millions of dollars, indicating a multi-faceted extortion framework rather than a single fixed ransom. There is a countdown timer on the page signaling urgency, and the post date serves as the publication date since no explicit compromise date is provided. The content identifies the victim as omniumint.com, with no clear industry classification supplied in the dataset.
The leak page features a substantial visual component, including 37 image attachments described generically as screenshots of internal documents used to illustrate the claims. In addition to these images, the page contains bilingual text (English and Russian) that includes a message addressed to recovery companies offering a “deal” and instructing negotiations to occur via a dedicated channel, with a stated minimum data volume (100 GB) required for engagement. The attackers reference a forthcoming update (V2.1) and a point of contact (an in-page alias used for negotiations), and they indicate there is a claim URL for verification. The combination of numerous screenshots and multilingual extortion messaging aligns with contemporary ransomware leak campaigns that pair data exposure with public negotiations to pressure victims.
Notes and cautious interpretation: The post’s date is November 11, 2025, and it identifies omniumint.com as the victim. The material presents claims of exfiltrated data and a multi-tier ransom structure, but the exact scope and nature of the compromised data should be corroborated through independent forensic analysis. The page’s inclusion of a claim URL and a large gallery of image attachments, together with the English-Russian messaging about negotiations via Tox and data-volume prerequisites, signals a typical double-extortion pattern, though the content remains unverified based on the leak page alone.
Support Our Work
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on Patreon or Buy Me A Coffee using the buttons below.
