Back to Threat Groups
devman2
ACTIVEransomware group
DevMan 2.0 is the evolved iteration of the DevMan ransomware, first documented in July 2025. It enhances the capabilities of its predecessor with robust double-extortion tactics and operates under a Ransomware-as-a-Service (RaaS) model, offering structured leak and extortion infrastructure. Affiliates and operators are using it across diverse sectors—such as manufacturing, retail, and electronics—targeting organizations in Japan, Germany, and other countries. Demands from initial campaigns range widely, spanning from around $1 million to over $10 million USD.
Victims
0
First Seen
Sep 28, 2025
Last Active
Apr 13, 2026
Victims (0)
No victims recorded
Infrastructure
leak site
OFFLINE
http://tygjm32hxyqienrgwxveiaw3azbjmfaln2znn2hldz2oe6v453ngwlyd.onion/never crawled
leak site
OFFLINE
http://devmanblggk7ddrtqj3tsocnayow3bwnozab2s4yhv4shpv6ueitjzid.onion/never crawled
leak site
OFFLINE
http://wugurgyscp5rxpihef5vl6b6m5ont3b6sezhl7boboso2enib2k3q6qd.onion/never crawled