Skip to content
Ransomware group

DataCarry

DATACARRY is a ransomware/extortion group first reported in 2025.

Profile source: Mallory opens in a new tab

DataCarry

Family profile

DATACARRY is a ransomware/extortion group first reported in 2025. Multiple sources in the provided content describe it as an emerging ransomware operation and, more specifically, as a data-theft and leak-based extortion actor that in some cases did not deploy a ransomware locker. The group launched a leak site within weeks of several other new extortion brands and was reported as claiming victims across eight countries. One cited report states that victim companies in eight countries were disclosed and that 65,000 records of Korean individuals were leaked on a cybercrime forum. DATACARRY was also mentioned among ransomware variants observed targeting European financial institutions, alongside Akira and BlackLock. Additional reporting in the content links the group to a Volvo data breach associated with a Miljödata ransomware incident. Across the supplied material, the highest-confidence characterization is that DATACARRY is a newly emerged 2025 ransomware/extortion brand focused on data exfiltration and public leak pressure, with observed activity affecting organizations in multiple countries and mentions of targeting in the financial sector.

Ransomware.live

Operational record

View group record ↗

Ransomware.live

Published indicators

Full source record ↗

Md5

1 total
  • d86163423afa32bb0b793ad909d6b357

Sha256

2 total
  • b1cf41363401fe5671e24fd55ee89b0c177140c482a8dab1b9891db509df52f6
  • bb62196338dab7b26993f27e3a8ad917d848508ad8cd4646c9fe836b1140c3e4

Ip

2 total
  • 176.65.141.201
  • 154.216.19.224

Session

1 total
  • 050d1feda2751e807b2a731f1f5fe764910ba9ea8bc46e2643d3180876a5bc953c

Email

1 total
  • datacarry@riseup.net

MITRE ATT&CK

DataCarry in ATT&CK

1 distinct techniques

Reporting

Research mentioning DataCarry

Apr 22
Help Net Security

Shadow AI, deepfakes, and supply chain compromise are rewriting the financial sector threat playbook - Help Net Security

Variants including Akira, Datacarry, and BlackLock were among the most frequently observed targeting European financial institutions.

Dec 31
Cyberthrone

New Ransomware Emerged in 2025 – Threat Intel Report

Silent, Gunra, JGroup, IMN Crew, Dire Wolf, DATACARRY, and SatanLock launched leak sites within weeks of each other.

Dec 30
Cyble

Top 10 Threat Actor Trends from 2025 — and What They Signal for 2026

New ransomware groups such as Dire Wolf, Silent Team, DATACARRY, Gunra, and the actor known as “J” relied on data theft and leak-based extortion without deploying ransomware lockers.

Dec 9
Dragos

Dragos Industrial Ransomware Analysis: Q3 2025 | Dragos

“Minimal-activity Groups… such as DataCarry… each registered one incident.”

Aug 14
Dragos

OT Ransomware Trends: Q2 2025 Analysis & Insights | Dragos

“...DATACARRY… Each accounted for 1 incident…”

Jun 9
Ahnlab Asec

May 2025 Deep Web and Dark Web Trends Report

New ransomware groups such as DATACARRY, Dire Wolf, and J Group emerged and began their activities by claiming attacks on 8 countries, 6 organizations, and 9 companies, respectively.

May 29
Ahnlab Asec

Ransom & Dark Web Issues Week 5, May 2025

New ransomware group DATACARRY emerges: Victim companies in 8 countries disclosed 65,000 records of Korean individuals leaked on cybercrime forum

Apr 22
Brightdefense

List of Recent Data Breaches in 2026

"Volvo Data Breach Linked to Miljödata Ransomware Attack... The DataCarry ransomware group was identified"

We appreciate you

Derp wouldn't exist without the work these projects do for the security community. We rely on their data sources to improve the quality and depth of what we publish. Thank you, we're genuinely grateful.