Ransomware victim disclosure
← All victimsSelf-Help Addiction Rehabilitation, Inc. (SHAR)
listed as sharinc.org · Claimed by Devman · listed 7 months ago
Status timeline
- ListedDec 28, 2025
- Data leakeddate unknown
At a glance
- Group
- Devman
- Status
- Data leaked
- Country
- United States
- Listed on leak site
- Dec 28, 2025
About the victim
AI dossier — public-source company profileSelf-Help Addiction Rehabilitation, Inc. (SHAR) is a Detroit, Michigan-based nonprofit 501(c)3 behavioral healthcare organization founded in 1969. SHAR provides addiction recovery, residential, outpatient, transitional housing, case management, and employment support services to approximately 6,000 individuals annually in the Greater Detroit area. It is accredited by CARF, licensed by the State of Michigan, and approved by BCBSM and other insurance carriers.
- Industry
- Behavioral Health & Addiction Recovery Services
- Address
- Detroit, Michigan, United States
- Founded
- 1969
Attack summary
Severity: critical — SHAR is a behavioral health and addiction recovery nonprofit serving vulnerable individuals; exfiltrated 'customer data' in this context almost certainly includes sensitive PII, medical/treatment records, and financial information of patients — constituting regulated healthcare and personal data at scale (approx. 6,000 individuals served annually), and the data has already been published.The ransomware group 'devman' claims to have exfiltrated financial and customer data from SHAR, with the disclosure status listed as data_published, indicating the stolen data has already been released.
Data the group says was taken
AI dossier — extracted from the leak post- Financial records
- Customer data
What the group claims
Financial, Custommer data
Sources
- Victim sitesharinc.org
- Leak posthttp://devmanblggk7ddrtqj3tsocnayow3bwnozab2s4yhv4shpv6ueitjzid.onion
Source
Indexed 7 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

