Datacarry

Also known as: Datacarry

DataCarry is a newly observed ransomware and data-extortion operation, first seen in May 2025. It operates a double-extortion model, exfiltrating data and threatening publication via a Tor-hosted portal. The group has already claimed multiple victims across diverse sectors including insurance, healthcare, real estate, retail, and aerospace in countries such as Latvia, Belgium, TΓΌrkiye, South Africa, Switzerland, Denmark, and the United Kingdom. The rapid emergence and multi-country reach signal a well-organized operation.

Introduction

DataCarry is a newly observed ransomware and data-extortion operation, first seen in May 2025. It operates a double-extortion model, exfiltrating data and threatening publication via a Tor-hosted portal. The group has already claimed multiple victims across diverse sectors including insurance, healthcare, real estate, retail, and aerospace in countries such as Latvia, Belgium, TΓΌrkiye, South Africa, Switzerland, Denmark, and the United Kingdom. The rapid emergence and multi-country reach signal a well-organized operation.

Activities and Tactics

Information pending cataloguing.

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

Information pending cataloguing.

Attribution and Evidence

Information pending cataloguing.

References

References pending cataloguing.