DEVMAN GROUP: New $91M ransom demand

On September 6, a new entry appeared on 𝗯𝗿𝗲𝗮𝗰𝗵.𝗵𝗼𝘂𝘀𝗲 linked to the emerging ransomware group hashtag Devman.

The demand? $91 million. The justification? According to Devman, the ransom amount was calculated based on stolen financial documents showing that the victim company had large cash reserves. The scope? The group claims to have stolen 12 TB of data after remaining in the network for several months, with persistence since May 25.

A key detail: this is not just about encryption. Devman’s extortion model increasingly relies on the victim’s financial intelligence to adjust ransom amounts, thereby applying tailored pressure.

📊 Reviewing entries on Breach House, Devman joins a growing ecosystem of ransomware groups. In the days before, two other cases were also recorded:

• Promisedland, Taiwan: ransom demand of $1,000,000

• Pure-Chemical, India: ransom demand of $5,000,000

Alongside Devman, two other actors stand out with recent activity:

1. Qilin, with dozens of victims across critical sectors.

2. Cactus, another expanding group combining unique encryption methods with double extortion.

These three groups illustrate today’s ransomware reality: higher ransom demands, targeted financial pressure, and massive data thefts.

At Darkeye Industries, we monitor these developments in real time, collecting leaks and ransom notes to map the evolution of cyber-extortion. Because understanding who Devman is today… may anticipate who comes next tomorrow.

Discover all attacks and leaks and check if your data has been compromised at:

📌 Breach House

🔎 HaveIbeenramsoned?