Md5
1 totald86163423afa32bb0b793ad909d6b357
DATACARRY is a ransomware/extortion group first reported in 2025.
Profile source: Mallory opens in a new tabDataCarry
DATACARRY is a ransomware/extortion group first reported in 2025. Multiple sources in the provided content describe it as an emerging ransomware operation and, more specifically, as a data-theft and leak-based extortion actor that in some cases did not deploy a ransomware locker. The group launched a leak site within weeks of several other new extortion brands and was reported as claiming victims across eight countries. One cited report states that victim companies in eight countries were disclosed and that 65,000 records of Korean individuals were leaked on a cybercrime forum. DATACARRY was also mentioned among ransomware variants observed targeting European financial institutions, alongside Akira and BlackLock. Additional reporting in the content links the group to a Volvo data breach associated with a Miljödata ransomware incident. Across the supplied material, the highest-confidence characterization is that DATACARRY is a newly emerged 2025 ransomware/extortion brand focused on data exfiltration and public leak pressure, with observed activity affecting organizations in multiple countries and mentions of targeting in the financial sector.
Ransomware.live
Ransomware.live
d86163423afa32bb0b793ad909d6b357b1cf41363401fe5671e24fd55ee89b0c177140c482a8dab1b9891db509df52f6bb62196338dab7b26993f27e3a8ad917d848508ad8cd4646c9fe836b1140c3e4176.65.141.201154.216.19.224050d1feda2751e807b2a731f1f5fe764910ba9ea8bc46e2643d3180876a5bc953cdatacarry@riseup.netMITRE ATT&CK
Reporting
Variants including Akira, Datacarry, and BlackLock were among the most frequently observed targeting European financial institutions.
Silent, Gunra, JGroup, IMN Crew, Dire Wolf, DATACARRY, and SatanLock launched leak sites within weeks of each other.
New ransomware groups such as Dire Wolf, Silent Team, DATACARRY, Gunra, and the actor known as “J” relied on data theft and leak-based extortion without deploying ransomware lockers.
“Minimal-activity Groups… such as DataCarry… each registered one incident.”
“...DATACARRY… Each accounted for 1 incident…”
New ransomware groups such as DATACARRY, Dire Wolf, and J Group emerged and began their activities by claiming attacks on 8 countries, 6 organizations, and 9 companies, respectively.
New ransomware group DATACARRY emerges: Victim companies in 8 countries disclosed 65,000 records of Korean individuals leaked on cybercrime forum
"Volvo Data Breach Linked to Miljödata Ransomware Attack... The DataCarry ransomware group was identified"
Derp wouldn't exist without the work these projects do for the security community. We rely on their data sources to improve the quality and depth of what we publish. Thank you, we're genuinely grateful.