• Home
  • News
  • Stormous Ransomware Adds 2 Victims To Their Portfolio

Stormous Ransomware Adds 2 Victims To Their Portfolio

Miklos Zoltan

By Miklos Zoltan . 5 March 2024

Founder - Privacy Affairs

Alex Popa

Fact-Checked this

Stormous announced 2 more victims recently, one from Brazil and the other from Colombia. EVERPLAST and Dismogas both lost 57 GB and 7 GB of confidential data, respectively.

  • Stormous gave the victims between a week and 2 weeks to complete negotiations and pay the ransom
  • Neither of the 2 have commented on the attacks
  • Stormous has gained the reputation of hitting a multitude of target types, regardless of their respective industries and specializations
  • Despite Stormous being a veteran in the ransomware space, little is known about the organization itself

Ransomware attacks have spiked in activity recently, and Stormous isn’t a new one to join the trend. Even so, the group doesn’t expose itself too much and doesn’t take any unnecessary risks.

With that being said, Stormous has been known to attack high-value public institutions and even massive private brands like Coca-Cola, Danaher, and Mattel. More importantly, Stormous has breached government institutions as well in some cases.

X showing the STORMOUS attack on the 2 victims
https://twitter.com/FalconFeedsio/status/1764916254077297105

One such case was an organized attack against the Ukrainian government which resulted in an important informational leak. The Ukrainian Ministry of Foreign Affairs commented briefly on the incident, stating that the damages have been contained.

Since then, Stormous has varied its MO considerably, leading many to become confused about the group’s actual intentions. That’s because Stormous isn’t your regular ransomware ring, only interested in financial gains.

What Should You Know About Stormous?

Stormous began as a standard ransomware ring that turned public in 2021. However, the organization remained virtually unknown for a while, limiting its activity to the standard mild ransomware hits. Everything changed when Russia invaded Ukraine.

Since then, the once mild and unknown ransomware group rebranded itself as a pro-Russian entity. The organization’s MO also changed, as the hackers started hitting targets based on their political views as well.

This is why many are uncertain which category Stormous should go into. The group typically operates as a standard double-extortion ring, but it also conducts politically and ideologically driven operations.

But the thing that makes Stormous so dangerous isn’t its double-faced persona. Rather, it’s the fact that there is no decryption key available for the Stormous encryptor. This explains why the group often gives victims 2 weeks to contact them for negotiations.

This suggests that the hackers keep their software up to date and upgrade their systems constantly.

But the controversy doesn’t end there. As investigators have pointed out, there is no clear evidence of any use of ransomware software during Stormous operations. This implies the idea that Stormous itself is actually a poser and not a legitimate ransomware actor.

The theory is that they’re using the image of a ransomware operator to intimidate and confuse law enforcement agencies regarding their real occupation. Which seems to be political and ideological dissemination.

No matter its classification, Stormous remains a dangerous and unpredictable cybercriminal ring with both personal and third-party interests. This has become even more obvious once the group itself has recognized its pro-Russian affiliation.

If you want to learn how to protect your systems against ransomware and DDoS gangs like Stormous, rely on cybersecurity experts.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Leave a Comment