Ransomware victim disclosure
← All victimsCar Care Plan
listed as Car Care Plan - Turkey · Claimed by Hellcat · listed 2 years ago
Status timeline
- ListedDec 26, 2024
- Data leakeddate unknown
At a glance
About the victim
AI dossier — public-source company profileCar Care Plan is a Turkish financial services company offering car care and warranty products. The company operates through carcareplan.com.tr and maintains customer and financial records.
- Industry
- Financial Services & Insurance
Attack summary
Severity: high — Confirmed exfiltration of 50 GB spanning financial records, customer data, and legal documents from a financial services company. Scale and sensitivity of data (financial + PII) elevates this to high severity.Hellcat claims to have exfiltrated 50 GB of data including financial records, legal documents, customer records, and internal documents. The group states all data has been encrypted and demands 0.5 BTC for decryption.
Data the group says was taken
AI dossier — extracted from the leak post- financial records
- legal documents and statements
- customer records
- internal documents
What the group claims
We have successfully stolen over50 GBof data from Car Care Plan, including financial records with sensitive information, legal documents and statements, customer records, along with internal documents and records. All the data has been encrypted, and without our decryption key, it is almost impossible to decrypt.To ensure the return of this data, we are demanding a ransom of0.5 BTC. The deadline for this payment is fast approaching. Once the payment is received, the decryption key will be provided, and the data will be returned without delay. It is up to Car Care Plan to act accordingly.
Sources
- Victim sitecarcareplan.com.tr
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

