Ransomware Group: METAENCRYPTOR

VICTIM NAME: Groupe Devimco

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the METAENCRYPTOR Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The compromised entity is Groupe Devimco, a prominent real estate development firm based in Quebec, Canada. The company specializes in designing and creating innovative mixed-use living environments and has been operating in this sector for over 30 years. In 2024, its revenue reached approximately $44 million. The ransomware attack was publicly disclosed on June 4, 2025, with the breach detected within minutes. The attackers, identified as part of a group called “metaencryptor,” reportedly accessed various internal information, including data related to employees and third-party partners. The leak affects the company’s online presence, including its official website, which is domain-matched to the victim’s name. The incident highlights vulnerabilities in the company’s cybersecurity posture, especially given the activity of the infostealer known as “Raccoon.” The leak page includes a screenshot of internal documents, suggesting substantial data compromise. No personally identifiable information (PII) of individuals has been publicly exposed on the leak page, and the attackers do not seem to have released sensitive employee or client information at this time.

Authorities or cybersecurity analysts should note that the leak contains references to multiple third-party entities and indicates ongoing data exfiltration activities involving various malware tools such as Raccoon. The presence of download links and the promise of additional data leaks suggest that further information may be forthcoming. The site includes a visual screenshot, revealing internal visuals or documents, but no explicit sensitive data or PII are displayed publicly. The incident underscores the importance for organizations in the construction and real estate sectors to strengthen their cybersecurity defenses and monitor for signs of infiltration. As of now, the attack appears to be limited in scope but illustrates the persistent threat landscape faced by large corporations involved in real estate development, especially those managing significant revenue streams.