Ransomware victim disclosure
← All victimsООО МФК «КарМани»
listed as carmoney.ru · Claimed by Lv · listed 3 years ago
Status timeline
- ListedDec 20, 2023
- Data leakeddate unknown
At a glance
- Group
- Lv
- Status
- Data leaked
- Country
- Russia
- Sector
- Financial Services
- Listed on leak site
- Dec 20, 2023
About the victim
AI dossier — public-source company profileCarMoney is a Russian online microfinance service offering short-term auto-secured loans up to 1,000,000 RUB. The company allows borrowers to retain their vehicle and registration documents while using them as collateral. It operates across 74 regions of Russia through 2000+ agents and offers rapid approval (5 minutes) with minimal documentation.
- Industry
- Microfinance & Auto-Secured Lending
- Address
- Нижний Новгород, Россия
Attack summary
Severity: critical — Claimed exfiltration of 60TB of complete company data from a financial services provider handling personal loans, PII (passports, IDs), vehicle documents, and payment information at scale. Financial data and regulated customer information at significant scale poses critical risk.The Lv ransomware group claims to have exfiltrated CarMoney's complete data archive totaling 60 terabytes and states intention to publish it. The group claims to have compromised customer and operational data from the microfinance platform.
Data the group says was taken
AI dossier — extracted from the leak post- Customer loan applications
- Personal identification documents (passport data)
- Vehicle registration documents (STS/PTS)
- Financial transaction records
- Banking/payment card information
- Contact information
- Loan agreements
- Investment agreements
What the group claims
Общество с ограниченной ответственностью Микрофинансовая компания «КарМани».CarMoney - современный онлайн-сервис автозаймов.Выдает деньги под залог авто и спецтехники. При этом машина и ПТС остаются у клиента.Полный архив данных,60 террабайт будет опубликовано.
Sources
- Victim sitecarmoney.ru
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

