Devman

SSN, medical data, medical cards ID 26099

Finance documents, clients PII ID 26083

Patient data, med cards ID 26006

[AI generated] N/A ID 26003

The data contains materials of national security including BIO laboratory facilities blue prints, and infromation regardless US army nitroglycerin supply chain. ID 25906

PII data, SSN´s financial and audit reports. ID 25905

Client data, HR data ID 25887

No additional victim description available. ID 25886

[AI generated] TIW Group is a specialist software firm with over 30 years of experience in developing solutions for the insurance industry. Their flagship product, ALIS, provides end-to-end solutions for life insurance and annuity processing. Additionally, they provide business process automation, legacy modernization, and risk compliance management services. Their digital solutions help businesses to streamline operations and improve business efficiency. ID 25882

PII data, SSN´s financial and audit reports. ID 25881

[AI generated] TWI Group is a specialized freight forwarder and logistics provider that primarily focuses on the trade show industry. The company provides a wide range of services, including domestic and international transportation, on-site handling, customs clearance, and more. Based in Nevada, USA, TWI operates globally reaching more than 180 countries. They are recognized for their expertise in managing logistics for all sizes of trade show exhibits. ID 25859

The data contains materials of national security including BIO laboratory facilities blue prints, and infromation regardless US army nitroglycerin supply chain. ID 25834

Insurance data, Hr data, client data ID 25831

No additional victim description available. ID 25808

Patient data, medical cards clinic records ID 25734

No additional victim description available. ID 25733

[AI generated] AutoMax.com is a leading used car dealership group in the US. Known for its wide range of high-quality pre-owned vehicles, AutoMax.com provides affordable options with comprehensive auto inspection and warranty. They offer financing options for all credit situations. The company is committed to delivering excellent customer service through its knowledgeable and friendly staff. ID 25668

[AI generated] N/A ID 25667

No additional victim description available. ID 25666

No additional victim description available. ID 25665

No additional victim description available. ID 25664

[AI generated] Mims.com is an online resource for medical professionals used mainly in Asia-Pacific and Middle East regions. It provides latest drug information and medical news, with a database featuring information about thousands of prescription medications. It also offers feature articles, opinion pieces and continuing medical education (CME) activities. It's extensively used by doctors, pharmacists, nurses and students. ID 25663

[AI generated] N/A ID 25662

[AI generated] Tvgoiania is a media and news company based in Goiânia, Brazil. It provides a platform for local news, events, and updates significant to the Goiania area. The company offers a variety of media content in the form of live shows, news broadcasts, publications, and web content. Tvgoiania operates primarily in Portuguese language. ID 25654

NSSF is a retail and e-commerce entity associated with Sweden, a market where online commerce is widely used across consumer and business sales channels. Sweden’s retail sector is characterized by strong e-commerce adoption and modern payment and platform infrastructure, supporting digital storefronts and transaction processing. In that context, NSSF fits within a sector focused on online merchandising, customer ordering, and commerce operations. It was listed as a ransomware victim associated with devman. ID 25653

[AI generated] N/A ID 25459

Financial, contracts HR data ID 25454

[AI generated] Consigaz is a Brazilian company that specializes in the distribution of Liquefied Petroleum Gas (LPG) for both industrial and residential use. They offer services such as cooking gas delivery and installation of gas systems for businesses. The company is committed to safety and environmental responsibility, using advanced technology for efficient gas handling and distribution. Consigaz operates across several Brazilian states. ID 25453

Datatheft 300gb of data stollen includes gov documents, deeds and much more ID 25452

data theft, evidence, officers personal information police reports, DEA open cases information ID 25451

Patients data, plastic operations data, SSNs ID 25450

Financial, patients data, HR data ID 25449

Case data, atourney client data, hr data ID 25448

Financial, Hr documents, claims ID 25180

Patients data, financial data ID 25179

Financial data, HR data ID 25178

Financial, Custommer data ID 25177

HR data ID 25092

Financial, Hr documents, claims ID 25091

Hr data, client data ID 25090

Patients' full records, HIV test results, IDs. Throughout a long waiting period, and despite a vast number of phone calls and emails sent by our team to the hospital, we have seen no action from the clinic to resolve the issue - knowing that the HIV tests could potentially change the lives of people whose relatives, friends, and workplaces will... ID 25016

HR data ID 25005

Financial, Client IDS ID 24989

Passport scans, Financial ID 24988

Financial, HR data ID 24956

SRC, Client data ID 24955

Financial, Client IDS ID 24954

[AI generated] N/A ID 24937

Financial, HR ID 24880

Patients full records, HIV tests results, ID's ID 24879

Financial, HR data, Client data ID 24859

No additional victim description available. ID 24858

HR data, clients data, Financial data ID 24806

Financial, HR data, Client data ID 24805

Financial, HR ID 24804

[AI generated] N/A ID 24782

Financial data, clients data ID 24760

No additional victim description available. ID 24759

Employee data, hr info, projects, Work logs of the power plants, Scada SRC ID 24719

[AI generated] Hopital La Rabta is a major hospital located in Tunis, Tunisia. It provides a wide array of medical services to the Tunisian population. The hospital prides itself on its team of highly skilled and dedicated medical professionals who utilize advanced medical equipment to effectively diagnose and treat diseases. It offers surgical services, specialty medicine, emergency care, and outpatient services. ID 24718

No additional victim description available. ID 24697

Financial data, clients data ID 24696

Data theft 80gb ID 24695

patient data ID 24662

Financial Records, Med cards, Hr documents ID 24661

Full quickbooks dump, patients data, and financial data ID 24660

[AI generated] Solidere, short for Société Libanaise de Développement et Reconstruction, is a Lebanese joint stock company responsible for the reconstruction, development, and management of Beirut’s Central District. Created in 1994, the firm is entrusted with restoring Beirut's historical buildings, attracting investments, and promoting tourism. It effectively serves as a private real estate company, but granted with governmental powers for urban development. ID 24553

Financial data, medical records ID 24542

Financial Records, Med cards, Hr documents ID 24541

Datatheft Client DB ID 24540

Financial data, medical cards ID 24539

Ransom: 200gb 150k ID 24418

Ransom: 200gb 220k ID 24367

Ransom: 75k 50gb ID 24366

Ransom: ecaretest.com 350k 246gb ID 24329

Ransom: 90k 236gb ID 24328

Ransom: 550k 280gb ID 24327

Ransom: 75k 50gb ID 24326

Ransom: 200gb 150k ID 24325

Ransom: 250k 200gb ID 24324

Ransom: 500gb 400k ID 24124

Ransom: data theft 40gb 120K ID 24122

Ransom: 200k 120gb ID 24003

mcchemical.com is the website of MidContinental Chemical Company, Inc. (MCC), a US-based manufacturer headquartered in Olathe, Kansas. The company produces and distributes petroleum additives designed to improve the performance of fuels and lubricating oils in vehicles, equipment, and machinery. MCC has operated since 1994 and supports research and product development alongside sales, marketing, and supply chain functions. In threat-intelligence listings, mcchemical.com was identified as a ransomware victim associated with devman. ID 23997

Ransom: 200k 80gb ID 24581

Ransom: 300k 120gb ID 23936

Ransom: 210k 145gb ID 23935

Ransom: 248000 30gb of files exfiltrated ID 23814

Omnium International is an independent professional services firm focused on project management, commercial management, contract management, cost consultancy, quantity surveying, and dispute resolution. Its website says it serves clients across Dubai, Abu Dhabi, Saudi Arabia, the UK, Europe, and Cyprus, with international offices supporting its work. Available directory and company listings place Omnium International in the business services category and identify the firm as headquartered outside the US, while this index lists omniumint.com under a US ransomware victim entry. It was listed as a ransomware victim associated with devman. ID 23787

Ransom: 1.2million 1.2 tb and one very interesting email ID 24580

Ransom: 500k 120gb ID 23621

Ransom: 500k 60gb ID 23583

Ransom: 50gb 100k ID 23553

Ransom: 500k 120gb ID 23541

Ransom: 60gb 300k ID 23540

Ransom: data theft 400k ID 23451

Ransom: 700k 120gb ID 23438

Ransom: 500k 60gb ID 23437

Ransom: oracle theft 200k ID 23436

Ransom: oracle theft 400k ID 23435

pharmaciedesalizes.fr appears to be a French pharmacy-related healthcare site in the healthcare/pharma sector, reflecting the role of pharmacies in France’s broader healthcare system. In France, pharmacies dispense prescription and over-the-counter medicines and provide health advice and other patient-facing services within the national health framework. The site is therefore best understood as part of France’s healthcare and pharmaceutical services environment, with a local presence in France. It was listed as a ransomware victim associated with devman. ID 23173

Ransom: 50k 80gb ID 24579

Ransom: 1400000 USD ID 23161

Ransom: 200k 400gb ID 23127

Ransom: 200k 300gb ID 23126

Ransom: 200000 USD ID 23065

Ransom: 250k 300gb ID 22964

Ransom: 200000 USD ID 22963

Naturmælk is a Danish dairy company based in Tinglev, South Denmark, that is owned by the farmers who supply its milk. It operates as an organic dairy and produces milk and dairy products with an emphasis on sustainability, transparency, climate, biodiversity, and animal welfare. Company information and contact details identify Naturmælk as a small, ambitious mejeri serving the Danish market. Naturmælk (naturmaelk.dk) was listed as a ransomware victim associated with devman. ID 22832

Ransom: 550000 USD ID 24578

Ransom: 370k 80gb ID 22790

Ransom: 6kk 400gb exfiltrated ID 22787

Ransom: 50000 USD ID 22707

Ransom: 50000 USD ID 22706

Ransom: 500000 USD ID 22704

Ransom: 150000 USD ID 22703

Wrapex Industrial Services Incorporated is a Canadian industrial services company based in Alberta, with locations in Edmonton, Rocky Mountain House, and Lloydminster. It provides industrial insulation, glycol tracing, utilidor, scaffolding, shrink wrapping, and access solutions for construction, maintenance, and turnaround projects across western Canada. Public company descriptions also place it in the construction sector and identify it as a private firm serving energy, petrochemical, pulp, and paper clients. It was listed as a ransomware victim associated with devman. ID 22660

Ransom: 780000 USD ID 24577

PestBusters Singapore is a Singapore-based pest control company that provides pest control services not in connection with agriculture. Company records also note secondary construction-installation activity, and its office is registered at 139 Cecil Street, #05-01 YSY Building, Singapore. Its website describes it as one of Singapore’s leading providers of pest control services, with NEA-compliant protocols and services for residential and commercial clients. In threat-intelligence indexing, pestbusters.com.sg was listed as a ransomware victim associated with devman. ID 22644

Braswell Services LLC is a Texas-based U.S. company operating in support services and logistics, with business lines that include procurement, manufacturing, kitting, transportation, and storage-related services. Public company listings also describe it as serving vehicle and industrial needs, including components, accessories, and related repair or freight activities. The company is associated with New Boston and the Hooks, Texas area, reflecting a regional operational footprint in the United States. In the threat-intelligence index, Braswell Services was listed as a ransomware victim associated with devman. ID 22643

Ransom: 120000 USD | Note: 300gb exfiltrated ID 24576

Busaba.com is the website of Busaba Eathai Limited, a London-based Thai restaurant group in the UK hospitality sector. The company presents itself as a modern Bangkok dining brand built around Thai cooking, with restaurant services and a customer-facing privacy policy that references bookings, enquiries, offers and events. Public company data places Busaba Eathai Limited in London, England, and classifies it as a licensed restaurant business. It was listed as a ransomware victim associated with devman. ID 22642

Ransom: 580000 USD ID 24575

Chicago Botanic Garden is a nonprofit public garden in Glencoe, Illinois, in the United States, centered on a 385-acre landscape with 27 to 28 themed gardens and related visitor areas. It offers seasonal walks, tram tours, a café, a garden shop, plant information resources, membership, and educational programs, classes, and workshops for visitors and members. The site supports garden visits, learning activities, and plant discovery through collections, plant profiles, and conservation-related content. It was listed as a ransomware victim associated with devman. ID 22641

Ransom: 590000 USD ID 24574

r3consulting.com is the website of R3 Government Solutions, a professional services company based in Arlington, Virginia, United States. The firm says it provides services and solutions that help agencies address difficult staffing and organizational challenges, with work in federal human capital, human resources, and training. Company listings also place it in the Services sector and describe it as a US-based business with offices in Arlington and Marco Island. It was listed as a ransomware victim associated with devman. ID 22640

Ransom: 350000 USD | Note: 400gb stollen ID 24573

Ransom: 100000 USD ID 22639

Ransom: 590000 USD ID 22638

Ransom: 100000 USD ID 22637

1000000 USD ID 22416

91000000 USD ID 22415

1700000 USD ID 22414

91000000 USD ID 22156

1000000 USD ID 22109

5000000 USD ID 22108

1000000 USD ID 21529

www.diethelmtravel.com is the website of DTH Travel, formerly Diethelm Travel, a Thailand-based destination management company in the transportation and travel sector. The company provides tailor-made holidays, inbound travel services, and destination management across Asia, serving leisure and business travelers from its Bangkok base. Public directory and company materials describe a long-standing regional travel operator with offices and local partnerships in multiple Asian markets. It was listed as a ransomware victim associated with devman. ID 21528

1800000 USD ID 24572

1000000 USD ID 21482

1050000 USD ID 21481

1100000 USD ID 21480

6000000 USD ID 21479

4000000 USD ID 21252

4000000 USD ID 21228

15000000 USD ID 21207

2270000 USD ID 21156

Solidere is a Lebanese real estate company based in Beirut, with its headquarters in the Beirut Central District. The company’s stated objective is to acquire real estate properties and to finance and execute infrastructure works in the Beirut Central area, supporting redevelopment and related urban projects. Its website, solidere.com, serves as the company’s corporate presence and information channel. In threat-intelligence listings, solidere.com was associated with a ransomware victim entry tied to devman. ID 21129

2270000 USD ID 21128

7250000 USD ID 21108

(To be disclosed)... ID 20983

450000 USD ID 20982

TBD... ID 20981

1000000 USD ID 20980

1000000 USD ID 20979

Elematec Corporation is a Japan-based integrated service company in the electronics industry, headquartered in Tokyo, Japan. It describes itself as providing electronics-related services supported by a long-established client base and on-site capabilities, with offices and group operations across Japan and overseas. The company’s corporate information and network pages show a global business footprint spanning Asia and the Americas. Elematec.com was listed as a ransomware victim associated with devman. ID 20978

10000000 USD ID 24571

GOTEC Group is a specialist in surface treatment and bonding-agent coating for rubber, metal, and plastic parts, with a global industrial footprint across Europe, the Americas, and Asia. Its headquarters are in Wülfrath, Germany, and the company operates production and sales locations in multiple countries, including Switzerland-related business activity. Public company profiles describe GOTEC as a supplier to automotive and industrial customers, focused on coating and adhesion solutions for technical components. The domain gotec.com was listed as a ransomware victim associated with devman. ID 20977

6450000 USD ID 24570

NSSF Kenya is Kenya’s National Social Security Fund, a public-sector social security institution based in Kenya that administers social protection services for workers and employers. In threat-intelligence catalogs, it is referenced with related sample or writeup labels such as nssf.zip and nssfwriteup.html, which are used to index the incident record rather than describe the organization’s operations. The listing places the entity in the “Other” sector and frames it as a ransomware-related target in Kenya. It was listed as a ransomware victim associated with devman. ID 20517

TBD ID 20391

1.1 million USD ID 20373

130k USD ID 20251

TBD ID 20238

TBD ID 20217

200k USD ID 20200

Netstar is a South African company in the transport and security technology space, best known for vehicle tracking and stolen-vehicle-recovery services. It says it pioneered the industry in South Africa in 1994 and provides nationwide customer support from offices in Midrand and other locations across the country. The company also references business and personal contact services through its website and branded regional offices. In threat-intelligence records, netstar.co.za was listed as a ransomware victim associated with devman. ID 20199

1.2 million USD ID 24569

4.5 million USD ID 20137

TBD ID 20135

TBD ID 20134

TBD ID 20133

120k ID 20132

TBD ID 20131

Piriou Vietnam is a shipbuilding company based in Ho Chi Minh City, Vietnam, with operations also associated with Long An province. It builds medium-sized aluminum and steel vessels to European standards, emphasizing high added value and competitive pricing. Company materials describe it as PIRIOU VIETNAM, formerly SEAS South East Asia Shipyard, and place it in the ship and boat building sector. The entity was listed as a ransomware victim associated with devman. ID 20130

383K USD ID 24568

80K USD ID 19966

590K USD ID 19959

TBD ID 19958

dailynews.co.th is the online edition of Daily News, a Thai-language daily newspaper based in Bangkok and distributed nationwide. Its website publishes general news coverage for Thailand, including latest news, breaking stories, sports, entertainment, health, and current affairs. The publication describes itself as an internet daily newspaper offering broad news analysis and up-to-date reporting for readers in Thailand. In threat-intelligence listings, dailynews.co.th appears as a ransomware victim associated with devman, with Thailand recorded as the country and Other as the sector. ID 19944

375K USD ID 24567

gmanetwork.com is the official website of GMA Network, Inc., a Philippine media and broadcasting company based in Quezon City, Metro Manila. GMA Network operates television and radio services and presents news, entertainment, and corporate information through its public web presence. The company describes itself as the Philippines' leading broadcast network, with a broad portfolio of programs and media-related businesses. In threat-intelligence catalogs, gmanetwork.com was listed as a ransomware victim associated with devman. ID 19934

2.5 million USD ID 24566

https://www.gmanetwork.com/news/ is the official news portal of GMA Network, one of the largest television and media networks in the Philippines, delivering latest Philippine and international news coverage. The site offers real-time updates on politics, business, science, technology, and entertainment, serving audiences across the Philippines and globally. It operates from Quezon City and is recognized as a leading and trusted source for broadcast and digital news in the country. The portal was listed as a ransomware victim associated with the threat actor devman. ID 19933

PestBusters is one of Singapore's leading providers of pest control services, combining expertise with rigorous, NEA-compliant protocols for residential and commercial clients. For over 30 years, the company pioneered high-quality pest control in Singapore, delivering excellent service with compliance to environmental health and safety standards. As Asia's leading pest management experts, PestBusters offers innovative and comprehensive pest management services across the region. The company was listed as a ransomware victim associated with the threat actor devman. ID 19740

100K USD ID 24564

375K USD ID 19685

TBD ID 19680

TBD ID 19679

TBD ID 19652

TBD ID 19651

550k USD ID 19650

(To be discoled) ID 19342

China Harbour Engineering Company Ltd. (CHEC) is a Beijing-based Chinese services and infrastructure contractor founded in 1980 and part of China Communications Construction Company Ltd. It provides EPC, BOT, and PPP services across marine engineering, dredging and reclamation, roads and bridges, railways, airports, and related civil works. The company also supports public and private sector infrastructure projects with equipment supply and installation and broader engineering services. China Harbour Engeneiring Company FILE SAMPLE 1 avaliable /CHEC/CHECsample.zip was listed as a ransomware victim associated with devman. ID 19326

(90k USD) ID 19268

60k USD ID 19267

(To be discoled) ID 19266

(To be discoled) ID 19265

450k USD ID 19264

70k USD ID 19143

Price -Soon ID 19142

200k USD ID 19141

150k USD ID 19140

Different Locker ID 19010

Name disclosed soon ID 19009

Pending ID 19008

Still in negotiation ID 19007