stormous
Ransomware group profile
60Victims
RussiaSource country
82Impact score
Also Known As
Stormous Virus
Description
Stormous is a pro-Russian cybercriminal group known for its ransomware attacks and data exfiltration, employing double extortion tactics. They primarily target organizations in the United States, Ukraine, and Europe, focusing on sectors such as government, healthcare, and telecommunications. The group operates under a Ransomware-as-a-Service model, enabling affiliates to utilize their tools extensively.
Key insights
- •Stormous employs double extortion tactics, encrypting and threatening to leak sensitive data.
- •Targets include government, healthcare, energy, and telecommunications sectors.
- •The group utilizes both custom and publicly available tools, often exploiting unpatched vulnerabilities.
- •They primarily operate through a Ransomware-as-a-Service (RaaS) model.
- •Recent attacks include significant data breaches affecting hundreds of thousands of individuals.
- •Stormous claims alignment with Russian geopolitical interests and focuses on Western countries.
Threat Level & Status Breakdown
For stormous · Based on incidents in selected period
3.9threat level
Aggressiveness10/ 10
Lethality0.3/ 10
Criticality1.1/ 10
Status Breakdown
Data Leaked5.0%3
Claimed5.0%3
First seenJul 2025
Last seenJun 2026
Avg ransom—
Payment rate—
Statusactive
Sophistication0
Last updatedJun 23, 2026
Recent activity
Monthly attack count for stormous in the selected period
60Total attacks
20peak in Oct
7.5avg / month
↑ 10 vs first month
Intelligence
IOCs, YARA/Sigma rules, and related families for stormous
- b15a8047abd9a3af013cf6c77ce15acf
- 95ae81de52655fac3f1b226f1896690566090640
- 1b4b4e910bfd31f5f3f2f3a269bf2c994978b78a
- 8cee3ec87a5728be17f838f526d7ef3a842ce8956fe101ed247a5eb1494c579d
- f001329114937fbc439f251c803ba825
- 8ad67a1b7a5f2428c93f7a13a398e39c
- 0a73291ab5607aef7db23863cf8e72f55bcb3c273bb47f00edf011515aeb5894
- 2a720281cd869c1aaaca430a96cf980f623e0f76
- 12b818950d749c378aabd81a0bac9742
- e014c9e5f712775e771c7f36d2a580d8d290c9ad
- 96ba3ba94db07e895090cdaca701a922523649cf6d6801b358c5ff62416be9fa
- 8b758ccdfbfa5ff3a0b67b2063c2397531cf0f7b3d278298da76528f443779e9
- d4f71fc5479a02c8ff57c90fc67b948adb5604e0
- aa62afd6a48d3c42ed66d4f5b9189be847ec055b
- a1b468e9550f9960c5e60f7c52ca3c058de19d42eafa760b9d5282eb24b7c55f
- 3afd36e7e837d7216bdb48e466f8dcd5f2b169b6
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for stormous
CVE-2023-47246
CVE-2023-46850
CVE-2023-46849
CVE-2023-46747
CVE-2023-46604
CVE-2023-34058
CVE-2023-34057
CVE-2023-34051
CVE-2023-34048
CVE-2023-23369
CVE-2023-23368
CVE-2023-22518
Other
T1486
T1486
T1490
T1490
T1078
T1078
T1021
T1021
T1562
T1562
T1059
T1059
T1547
T1547
T1021.001
T1021.001
T1210
T1210
T1005
T1005
T1105
T1105
T1041
T1041
Victims(60)
| Company | Domain | Country | Industry | Status | Discovered | |
|---|---|---|---|---|---|---|
| maglificioliliana.com | maglificioliliana.com | IT Italy | — | Unknown | 1 day ago | |
| impulso-store.com | impulso-store.com | MX Mexico | Retail & E-Commerce | Unknown | 1 day ago | |
| lorenzoni-store.com | lorenzoni-store.com | IT Italy | Retail & E-Commerce | Unknown | 1 day ago | |
| montechiaro-store.com | montechiaro-store.com | IT Italy | Retail & E-Commerce | Unknown | 1 day ago | |
| jaggroup.com UPDATE-FULL DATA DUMP | jaggroup.com | US United States | Professional Services | Unknown | 4 days ago | |
| mlit.com.my UPDATE-FULL DATA DUMP 10GB | mlit.com.my | MY Malaysia | Government & Defense | Data Leaked | 6 days ago | |
| mlit.com.my | mlit.com.my | MY Malaysia | Government & Defense | Data Leaked | 13 days ago | |
| katholiekamersfoort.nl UPDATE-FOR SALE | — | NL Netherlands | Other | Unknown | 16 days ago | |
| sa2000.com UPDATE-FULL DATA DUMP | — | — | Financial Services | Unknown | 16 days ago | |
| SA2000.COM | sa2000.com | SA Saudi Arabia | Technology | Unknown | 22 days ago | |
| katholiekamersfoort.nl | katholiekamersfoort.nl | NL Netherlands | Education | Unknown | 23 days ago | |
| vspsolutions.com.au FULL DATA DUMP | — | AU Australia | Professional Services | Unknown | about 1 month ago | |
| Important Announcement | — | — | — | Unknown | about 1 month ago | |
| VPN Access Sale | — | — | — | Unknown | about 1 month ago | |
| cgcsa.co.za UPDATE-FULL DATA DUMP | — | ZA South Africa | Professional Services | Unknown | about 1 month ago | |
| vspsolutions.com.au SAMPLE-FREE 20GB | vspsolutions.com.au | AU Australia | Professional Services | Unknown | about 1 month ago | |
| ttt.vn UPDATE-FULL DATA DUMP | — | VN Vietnam | Other | Unknown | about 1 month ago | |
| arc-reins.com + fidelityunited.ae UPDATE-FULL DATA DUMP | arc-reins.com | AE United Arab Emirates | Financial Services | Unknown | about 1 month ago | |
| FANASA.COM UPDATE-FULL DATA DUMP | — | MX Mexico | Financial Services | Unknown | about 1 month ago | |
| ams-group.co.uk FULL DATA DUMP 33GB | — | GB United Kingdom | Professional Services | Unknown | about 2 months ago |
Page 1 of 3
Affected countries(68)
Countries where this group has been reported to target or leak victims.
🇦🇪United Arab Emirates🇦🇷Argentina🇦🇺Australia🇧🇪Belgium🇧🇬BulgariaBolivia, Plurinational State of🇧🇷Brazil🇧🇾Belarus🇨🇦Canada🇨🇱Chile🇨🇲Cameroon🇨🇳China🇨🇴Colombia🇨🇷Costa Rica🇨🇺Cuba🇨🇿Czech Republic🇩🇪Germany🇩🇰Denmark🇩🇿Algeria🇪🇨Ecuador🇪🇬Egypt🇪🇸Spain🇪🇹Ethiopia🇫🇮Finland🇫🇷France🇬🇧United Kingdom🇬🇷Greece🇭🇰Hong Kong🇭🇷Croatia🇭🇺Hungary🇮🇩Indonesia🇮🇱Israel🇮🇳India🇮🇶IraqIran, Islamic Republic of🇮🇹Italy🇯🇵Japan🇰🇭CambodiaKorea, Republic of🇱🇧Lebanon🇲🇦MoroccoMacedonia, the Former Yugoslav Republic of🇲🇹Malta🇲🇽Mexico🇲🇾Malaysia🇳🇱Netherlands🇵🇦Panama🇵🇪Peru🇵🇭Philippines🇵🇱Poland🇶🇦Qatar🇷🇸SerbiaRussian Federation🇸🇦Saudi Arabia🇸🇬Singapore🇸🇳Senegal🇹🇭Thailand🇹🇳Tunisia🇹🇷TurkeyTaiwan, Province of China🇺🇦Ukraine🇺🇸United States🇺🇾Uruguay🇺🇿UzbekistanVirgin Islands, U.S.🇻🇳Vietnam🇿🇦South AfricaGlobal