[DEVMAN] – Ransomware Victim: www[.]hameshakem[.]co[.]il
Ransomware Group: DEVMAN
VICTIM NAME: www[.]hameshakem[.]co[.]il
NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the DEVMAN Onion Dark Web Tor Blog page.
AI Generated Summary of the Ransomware Leak Page
On October 3, 2025, the leak page attributed to the devman group identifies www[.]hameshakem[.]co[.]il as a victim. The page does not disclose a specific industry for the company. It frames the incident as a ransomware-driven data-exfiltration event and states that 400 GB of data has been exfiltrated, accompanied by a ransom demand described as 6kk. The post carries a timestamp of 2025-10-03 19:17:13.238761, which in this report is treated as the post date in the absence of a separate compromise date.
The page includes a gallery of 36 image attachments, described in the dataset as screenshots or internal documents illustrating the attackers’ claims. No direct downloads are visible on the page. A claim URL is present to facilitate contact with the attackers, and the body excerpt shows extortion-focused language with various data-volume figures, including a note that a new version (V2.1) will be released soon; it also references contacting a forum handle via private messages for engagement.
From a threat intelligence perspective, the listing aligns with established double-extortion ransomware patterns: publicizing a breach, asserting data exfiltration, and pressing for payment through a named ransom amount. The only company identifier retained in this report is the victim name, www[.]hameshakem[.]co[.]il; other company names embedded in image captions or surrounding text are not referenced here. Defenders should monitor for any follow-on extortion activity or data dumps linked to this victim and consider tracking the 400 GB exfiltration claim and the 6kk ransom figure across relevant forums and communication channels.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
