Stormous ransomware attacked four new victims recently and posted evidence of the hits on their public network. The four are Comtrade Group, Zewail City of Science and Technology, Vietnam Electricity, and Inwi.
The most recent attacks follow the trend established by Stormous itself over the past 2 years. This cyberthreat actor first came to light in 2021, along with the Russia-Ukraine war, during which Stormous used to spread pro-Russian ideals.
This makes Stormous stand out from other ransomware actors, as most are only driven by financial gains. However, Stormous has made pro-Russian statements before and during many attacks, leading many to link them to specific political affiliations.
Moreover, Stormous is a self-proclaimed group of Arabic-speaking hackers who has publicly declared its support for the Russian government. Still, the organization’s true identity and motives are not clear.
Many question their self-stated political interests and wonder whether they’re simply financially driven or if there’s more to it.
We believe security online security matters and its our mission to make it a safer place.
The group’s MO is similar to that of many other ransomware groups. The attacker infiltrates the victim’s defenses, downloads and encrypts critical data, and demands a ransom. There is currently no free decryptor available for Stormous.
The double extortion tactic is commonly used by most ransomware actors. Stormous blackmails the victim, stating that the refusal to pay the ransom will lead to them posting or selling the stolen data.
It is unclear if the four recent attacks were successful and whether the victims paid the ransom. The ransom note always informs the victim of the group’s political affiliation and support for the Russian government.
This has led some to believe that the group only targets anti-Russian governments or entities. At the same time, Stormous is clearly pursuing financial gains via their ransom demand.
Given that Stormous is such a dangerous, advanced, and aggressive group, the general recommendation is to refrain from doing anything yourself to combat it. Instead, you should always rely on specialists to address the issue effectively.
A ransomware recovery service is your best bet if you don’t want to pay the ransom, but also if you want to regain access to your critical files and data. A complete overhaul of the system’s defenses is also critical to prevent future attacks.