devman2

Also known as: devman2

DevMan 2.0 is the evolved iteration of the DevMan ransomware, first documented in July 2025. It enhances the capabilities of its predecessor with robust double-extortion tactics and operates under a Ransomware-as-a-Service (RaaS) model, offering structured leak and extortion infrastructure. Affiliates and operators are using it across diverse sectors—such as manufacturing, retail, and electronics—targeting organizations in Japan, Germany, and other countries. Demands from initial campaigns range widely, spanning from around $1 million to over $10 million USD.

Introduction

DevMan 2.0 is the evolved iteration of the DevMan ransomware, first documented in July 2025. It enhances the capabilities of its predecessor with robust double-extortion tactics and operates under a Ransomware-as-a-Service (RaaS) model, offering structured leak and extortion infrastructure. Affiliates and operators are using it across diverse sectors—such as manufacturing, retail, and electronics—targeting organizations in Japan, Germany, and other countries. Demands from initial campaigns range widely, spanning from around $1 million to over $10 million USD.

Activities and Tactics

Information pending cataloguing.

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

Information pending cataloguing.

Attribution and Evidence

Information pending cataloguing.

References

References pending cataloguing.