Skip to content

Hellcat ransomware hits Car Care Plan in Turkey, encrypts 50 GB data

  • by
  • 2 min read

Photo: Hüseyin Sevgi | Pixabay

Car Care Plan’s Turkey branch has become the latest victim of the notorious Hellcat ransomware group. The attackers claim to have successfully exfiltrated over 50 GB of highly sensitive data from the company’s systems, stealing financial records containing sensitive transaction details, legal documents and corporate statements, internal documentation critical to the company’s operations, and customer records that may include personally identifiable information.

The Hellcat ransomware group has encrypted the stolen data, making it inaccessible without their unique decryption key. They have publicly demanded a ransom payment of 0.5 Bitcoin, approximately $13,000 at current market rates, and imposed a strict deadline of about six days, reports Falcon Feeds.

In their statement, the attackers emphasised that decrypting the data without their key is nearly impossible. They have also issued a grim ultimatum: if the ransom is not paid within the given timeframe, they may permanently withhold the decryption key or leak the stolen data online.

“To ensure the return of this data, we are demanding a ransom of 0.5 BTC. The deadline for this payment is fast approaching,” wrote the attackers. “Once the payment is received, the decryption key will be provided, and the data will be returned without delay. It is up to Car Care Plan to act accordingly.”

Car Care Plan now faces a critical decision. Paying the ransom could enable the company to recover its stolen data but would also finance the ransomware group’s future activities. Conversely, refusing to pay could result in catastrophic data breaches and further financial losses.

The company operates in over 100 countries and has 1.5+ million products registered annually.

The Hellcat ransomware emerged in late 2024 and uses techniques such as double-extortion schemes, where the attackers encrypt data and exfiltrate it.

In November 2024, Schneider Electric experienced a ransomware attack by the Hellcat group, which claimed to have stolen approximately 40 GB of compressed data.

In the News: Japan Airlines confirms cyberattack amid flight delays

Kumar Hemant

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me

>