Ransomware victim disclosure
← All victimsMidContinental Chemical Company Inc.
listed as MCC · Claimed by Devman · listed 8 months ago
Status timeline
- ListedNov 19, 2025
- Data leakeddate unknown
At a glance
- Group
- Devman
- Status
- Data leaked
- Country
- United States
- Sector
- Manufacturing
- Listed on leak site
- Nov 19, 2025
- Data size
- 80 GB
About the victim
AI dossier — public-source company profileMidContinental Chemical Company Inc. (MCC) is a U.S.-based specialty chemical company that distributes and manages additive programs for fuels and lubricants, including diesel, gasoline, and lubricant additives. The company offers a broad portfolio of products such as cetane improvers, conductivity additives, viscosity modifiers, and antioxidants, serving industrial and commercial customers across North America. It also provides services including additive program management, logistics, regulatory compliance, and technical assistance.
- Industry
- Specialty Chemicals & Fuel/Lubricant Additives Distribution
Attack summary
Severity: high — 80 GB of data has been confirmed exfiltrated and published, representing a significant data breach of a specialty chemical company. While the exact data types are unspecified, the volume and published status indicate substantial business data exposure.The ransomware group 'devman' claims to have exfiltrated approximately 80 GB of data from MidContinental Chemical Company and demanded a $200,000 ransom. The disclosure status indicates the data has been published, suggesting the ransom was not paid.
Data the group says was taken
AI dossier — extracted from the leak post- Exfiltrated company data (80 GB)
What the group claims
Ransom: 200k 80gb
Sources
Source
Indexed 8 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

