Ransomware victim disclosure
← All victimsGobierno del Estado de Colima
Claimed by Devman · listed 1 year ago
Status timeline
- ListedMay 26, 2025
- Data leakeddate unknown
At a glance
- Group
- Devman
- Status
- Data leaked
- Country
- Mexico
- Sector
- Public Sector
- Listed on leak site
- May 26, 2025
About the victim
AI dossier — public-source company profileThe State Government of Colima (Gobierno del Estado de Colima) is the executive administrative body for the Mexican state of Colima. It operates 11 secretariats, multiple subsecretariats, and autonomous organisms providing citizen services including vehicle registration, vital records, online payments, and public procurement.
- Industry
- Government Administration
- Address
- Complejo Administrativo del Gobierno del Estado, 3er. Anillo Periférico, Esq. Ejército Mexicano S/N. Colonia el Diezmo. C.P. 28010, Colima, Colima, México
Attack summary
Severity: high — Attack on critical government infrastructure in Mexico with confirmed data publication status. Government entities hold sensitive citizen PII (vital records, vehicle registrations, administrative data) at scale. Operational disruption to public services is a concern.The devman group claims to have attacked the Colima state government. The leak post content is marked 'TBD' and no specific details on encryption, exfiltration, or data types are provided in the available information.
Data the group says was taken
AI dossier — extracted from the leak post- Citizen records (vital documents, registrations)
- Vehicle registration data
- Government administrative files
- Procurement/bidding records
What the group claims
TBD
Sources
- Victim sitecol.gob.mx
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

