datacarry

Ransomware group profile

6Victims

46Impact score

Description

datacarry is a newly identified ransomware and data extortion group that emerged in May 2025, focusing on financial gain through double-extortion tactics. They exfiltrate sensitive data and threaten to release it publicly if ransom demands are not met, highlighting their organized and aggressive operational methods.

Key insights

•Employs a double-extortion model by exfiltrating sensitive data and encrypting systems.
•Primarily targets the financial sector, but also operates across other diverse sectors.
•Utilizes threats of public data release to pressure victims into compliance with ransom demands.
•Has been connected to numerous breaches targeting European financial institutions.
•Exploits vulnerabilities in third-party services for initial access.
•Rapid emergence indicates a well-coordinated operation.

Industries

Education Financial Services Government & Defense Hospitality Manufacturing Other Retail & E-Commerce Transportation

Threat Level & Status Breakdown

For datacarry · Based on incidents in selected period

0.5threat level

Aggressiveness1.5/ 10

Lethality0/ 10

Criticality0/ 10

First seenJun 2025

Last seenDec 2025

Avg ransom—

Payment rate—

Statusactive

Sophistication0

Last updatedJun 2, 2026

Recent activity

Monthly attack count for datacarry in the selected period

6Total attacks

2peak in Sep

1.2avg / month

Intelligence

IOCs, YARA/Sigma rules, and related families for datacarry

9b4e60fc6089912f84c96e77f8d905a6c1e9e76d15fdce96958a45ad0e8e6108
953ff2db7ea47995023aeb045143f940

View full IOC feed3 total

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for datacarry

Other

T1486

T1490

T1041

T1078

T1562

T1021

T1059

T1547

T1005

T1110

T1021.001

T1203

Victims(6)

Company	Domain	Country	Industry	Status	Discovered
Camomilla	camomilla.com	IT Italy	Retail & E-Commerce	Unknown	6 months ago
UAM	—	ES Spain	Transportation	Unknown	6 months ago
Miljödata (1 day left)	—	SE Sweden	Other	Unknown	9 months ago
Miljödata	miljodata.se	SE Sweden	Other	Unknown	9 months ago
Peggy Sage	peggysage.com	FR France	Retail & E-Commerce	Unknown	10 months ago
Món Sant Benet	monsantbenet.com	ES Spain	Hospitality	Unknown	12 months ago

Affected countries(15)

Countries where this group has been reported to target or leak victims.

🇧🇪Belgium 🇨🇭Switzerland 🇩🇪Germany 🇩🇰Denmark 🇪🇸Spain 🇫🇷France 🇬🇧United Kingdom 🇬🇷Greece 🇮🇳India 🇮🇹Italy 🇱🇻Latvia 🇸🇪Sweden 🇹🇷Turkey 🇺🇸United States 🇿🇦South Africa