Controversial STORMOUS Ransomware Targets Casino India
STORMOUS ransomware announced a new victim recently, Casio India. The hackers posted evidence of the attack on their public platform, which came with a counter showing the deadline for negotiations. Which is 7 days.
- The hackers also alluded to having stolen at least 200 GB of data from their victim
- It’s unclear how massive the data leak actually is, how valuable the data is, or whether the victim has decided to negotiate
- If Casio India refuses to communicate with the hackers or reach a consensus during the 7-day time window, the data will leak online
- STORMOUS is a very controversial gang, to the point where many experts don’t even believe it’s legitimate
While STORMOUS has been active since 2022, the organization hasn’t showcased consistent activity. The hackers have been on and off since the beginning and don’t seem to have a method to their madness.
This makes them rather unpredictable and difficult to keep track of. There’s another problem too and that’s the fact that STORMOUS doesn’t seem to know what it is. In some cases, it advertises itself as a ransomware gang.
In others, it appears to be politically and ideologically motivated. This has caused confusion regarding the organization’s true purpose, with some claiming STORMOUS doesn’t even exist. This isn’t the outrageous claims it appears to be at a first glance.
The theory comes from the fact that many high-end cybercriminal groups often use mock-up organizations to hide their activity. Doing so allows them to conduct their operations without exposing themselves.
The tactic also often sends the law enforcement actors on false leads, wasting their time and keeping the cybercriminal gang safe. It’s unclear if this is the case with STORMOUS, but some suggest that the signs are there.
Our Mission
We believe security online security matters and its our mission to make it a safer place.
Who Is STORMOUS?
So, what exactly is the cause of STORMOUS being considered a mock-up group? One of the reasons is the fact that the organization doesn’t seem to fall in a specific category. Ransomware groups are typically only active in the ransomware sphere.
They don’t care about making any political or ideological statements because they’re financially motivated. Which is why they’re in the ransomware industry to begin with. The same reasoning applies to politically driven cybercriminal actors.
But STORMOUS appears to swim in both waters. The organization conducts ransomware attacks but also participates in global political and ideological events, including the Ruso-Ukrainian war.
STORMOUS has made a series of controversial comments regarding the ongoing conflict and even threatened to become involved in some capacity. Also, some of the group’s claims have been unconfirmed.
One such instance is the infamous Epic Games breach, during which STORMOUS claimed to have stolen 200+ GB of data. This allegedly contained the private information of over 33 million users.
The problem is that Epic Games denied the breach, and STORMOUS didn’t produce any evidence to support the claim. This has contributed to the idea that STORMOUS is nothing more than a ghost organization with no real substance.
Is this actually true? This is a question that doesn’t have a clear answer.