Episode

99; Devman

Podcast: Inside Darknet
Published: Dec 20, 2025
Duration seconds: 1418
Canonical source: https://podcasters.spotify.com/pod/show/insidedarknet/episodes/99-Devman-e3ck414
Audio: https://traffic.megaphone.fm/APO8202883319.mp3

Summary

This episode covers the rise and rapid exposure of Devman, a Russian Ransomware-as-a-Service operator attempting to build a cybercrime empire. Despite his boasts about multi-million-dollar deals, the operation collapsed due to massive technical incompetence and leaked communications.

Topics

  • Ransomware-as-a-Service
  • Cybercrime Infrastructure
  • Operational Security
  • Data Leaks
  • Darknet Operations
  • Threat Intelligence
  • Russian Cybercrime
  • Encryption Errors

Highlights

  • Main idea: Devman attempted to transition from a simple affiliate to a full-scale Ransomware-as-a-Service (RaaS) provider
  • Failure mode: Critical technical bugs, such as the ransomware builder encrypting its own ransom note, rendered the attacks ineffective
  • Security flaw: Misconfigured Rocket.Chat instances allowed security researchers to monitor internal criminal communications
  • Practical takeaway: Operational security (OPSEC) is non-existent when an operator prioritizes social media bravado over infrastructure protection
  • Failure mode: Retaliatory threats against researchers' families further destroyed his credibility among potential criminal affiliates

Chapters

  1. 1:00 The Infrastructure of Cybercrime: An analysis of the complex ecosystem required to run a successful ransomware operation, including servers, payment systems, and support channels.
  2. 9:40 The Emergence of Devman: Tracing the origins of the Russian-speaking actor and his transition from an affiliate to a RaaS operator.
  3. 11:20 Building a Ransomware Empire: How Devman utilized modified DragonForce ransomware to establish his own brand and recruit affiliates.
  4. 13:10 Technical Blunders and Bugs: A deep dive into the catastrophic coding errors that caused the ransomware to encrypt its own instructions.
  5. 14:50 The Collapse of Operational Security: How misconfigured chat platforms allowed researchers to document the inner workings of the Devman group.
  6. 18:20 Ego vs. Reality: The disconnect between Devman's public boasts of success and the actual chaos of his failing operations.
  7. 21:50 Retaliation and Reputation: The fallout from Devman's threats against researchers and the resulting loss of trust within the criminal community.