stormous
Ransomware group profile
Description
Stormous is a pro-Russian cybercriminal group known for its ransomware attacks and data exfiltration, employing double extortion tactics. They primarily target organizations in the United States, Ukraine, and Europe, focusing on sectors such as government, healthcare, and telecommunications. The group operates under a Ransomware-as-a-Service model, enabling affiliates to utilize their tools extensively.
Key insights
- •Stormous employs double extortion tactics, encrypting and threatening to leak sensitive data.
- •Targets include government, healthcare, energy, and telecommunications sectors.
- •The group utilizes both custom and publicly available tools, often exploiting unpatched vulnerabilities.
- •They primarily operate through a Ransomware-as-a-Service (RaaS) model.
- •Recent attacks include significant data breaches affecting hundreds of thousands of individuals.
- •Stormous claims alignment with Russian geopolitical interests and focuses on Western countries.
Threat Level & Status Breakdown
For stormous · Based on incidents in selected period
Status Breakdown
Recent activity
Monthly attack count for stormous in the selected period
Intelligence
IOCs, YARA/Sigma rules, and related families for stormous
- b15a8047abd9a3af013cf6c77ce15acf
- 0a73291ab5607aef7db23863cf8e72f55bcb3c273bb47f00edf011515aeb5894
- 96ba3ba94db07e895090cdaca701a922523649cf6d6801b358c5ff62416be9fa
- aa62afd6a48d3c42ed66d4f5b9189be847ec055b
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for stormous
T1486
T1486
T1490
T1490
T1078
T1078
T1021
T1021
T1562
T1562
T1059
T1059
T1547
T1547
T1021.001
T1021.001
T1210
T1210
T1005
T1005
T1105
T1105
T1041
T1041
Victims(56)
| Company | Domain | Country | Industry | Status | Discovered | |
|---|---|---|---|---|---|---|
| katholiekamersfoort.nl | katholiekamersfoort.nl | NL Netherlands | Education | Unknown | 1 day ago | |
| vspsolutions.com.au FULL DATA DUMP | — | AU Australia | Professional Services | Unknown | 11 days ago | |
| Important Announcement | — | — | — | Unknown | 17 days ago | |
| VPN Access Sale | — | — | — | Unknown | 17 days ago | |
| cgcsa.co.za UPDATE-FULL DATA DUMP | — | ZA South Africa | Professional Services | Unknown | 17 days ago | |
| vspsolutions.com.au SAMPLE-FREE 20GB | — | AU Australia | Professional Services | Unknown | 21 days ago | |
| ttt.vn UPDATE-FULL DATA DUMP | — | VN Vietnam | Other | Unknown | 21 days ago | |
| FANASA.COM UPDATE-FULL DATA DUMP | — | MX Mexico | Financial Services | Unknown | 23 days ago | |
| arc-reins.com + fidelityunited.ae UPDATE-FULL DATA DUMP | — | AE United Arab Emirates | Financial Services | Unknown | 23 days ago | |
| ams-group.co.uk FULL DATA DUMP 33GB | — | GB United Kingdom | Professional Services | Unknown | 25 days ago | |
| ttt.vn TTT Corporation | ttt.vn | VN Vietnam | Other | Unknown | 29 days ago | |
| or-technology.com | or-technology.com | DE Germany | Technology | Unknown | about 1 month ago | |
| cgcsa.co.za | cgcsa.co.za | ZA South Africa | Retail & E-Commerce | Unknown | about 1 month ago | |
| FANASA.COM | fanasa.com | MX Mexico | Healthcare | Unknown | about 1 month ago | |
| arc-reins.com + fidelityunited.ae | fidelityunited.ae | AE United Arab Emirates | Financial Services | Unknown | about 1 month ago | |
| GhostLocker/Stm | — | — | — | Claimed | about 2 months ago | |
| Clarochile | clarochile.cl | CL Chile | — | Unknown | 4 months ago | |
| GOODMANMFG | — | — | Manufacturing | Unknown | 6 months ago | |
| futureal | — | — | Other | Unknown | 6 months ago | |
| bkcolombia | — | CO Colombia | Other | Unknown | 6 months ago |
Page 1 of 3
Affected countries(66)
Countries where this group has been reported to target or leak victims.