Ransomware Group: DATACARRY

VICTIM NAME: ALB Forex

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the DATACARRY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak pertains to ALB Forex, a financial services firm based in Turkey, specializing in forex trading, online market analysis, and professional training. The breach was discovered on May 26, 2025. The attackers claim to have accessed sensitive data related to the company’s operations, including a variety of infostealers such as Lumma, Raccoon, RedLine, and others, targeting a total of 72 users. The leaked information suggests that threat actors may have obtained data potentially linked to employees, clients, or internal processes. The leak appears to include technical details and possibly internal documents, although no specific files or screenshots are provided publicly. Notably, the company works within a high-security environment, making this breach a significant concern for stakeholders.

Further investigations show that the attackers may have updated their website and posted a link containing the compromised data. While no explicit download links or detailed data leaks are shared in the publicly available information, the breach highlights a serious security incident impacting the company’s operational integrity. The incident emphasizes the ongoing threat to financial services firms, especially those handling sensitive client information and financial transactions. The nature of the attack and the scope of data compromised point to a potentially significant risk for the affected organization and its clients, necessitating immediate cybersecurity assessment and response measures.