Ransomware Group: DEVMAN

VICTIM NAME: TOHO-CO

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the DEVMAN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

This ransomware leak page pertains to the victim entity named TOHO-CO, located in Japan. The attack was publicly disclosed on May 19, 2025, and involved the encryption of all files belonging to the victim, indicating a complete data compromise. The incident is characterized by the note that all files have been encrypted, which suggests a severe impact on the affected systems and likely extensive disruption to operations.

The leak page includes a screenshot section, although no images or visual evidence are currently provided. It also mentions that the specific attack activity details remain undisclosed, but emphasizes the encrypted state of the victim’s data. The attacker group responsible appears to be identified as “devman,” though further details are not provided. The victim’s industry activity is not specified, but the attack’s timing and encryption status highlight the critical nature of the incident, possibly targeting sensitive information or operational data.

Additionally, the page features a link to the ransomware’s claim URL, which might be used for communication of ransom demands or further negotiation, although no direct download links or leaked data are explicitly listed. The incident’s discovery timestamp precisely coincides with the attack date, confirming the prompt reporting of the breach. The overall presentation suggests a significant compromise, with encrypted files and no visible evidence of data exfiltration or secondary leaks at this stage.