The Stormous ransomware group has touted itself as the actor behind some attacks since early 2022. Discussion has since turned to whether some of these attacks were in fact carried out by other threat actors, with Stormous making it seem as though it was responsible.
Most recently, Stormous claimed to have obtained 200GB of data belonging to Epic Games. Below is some of the information SOCRadar analysts obtained by monitoring the dark web.
Who is Stormous Ransomware Group?
The Stormous ransomware group has sought to make its name by taking advantage of the rising tensions between Russia and Ukraine. SOCRadar analysts think the group is trying to make a name for itself by using the agenda of groups like Conti.
Threat intelligence experts have yet to agree on whether the Stormous group makes these claims for a political agenda or for forward-looking financial gain. However, the general opinion is that this is an advertising campaign.
What are Stormous Group’s Claims?
The Stormous group claims to target Western countries and companies. There are some recorded attacks so far, but it should be noted that these are dubious. There has been no confirmation from the companies the group claims to have attacked.
Stormous announced on March 1 that they had attacked the network of the Ministry of Foreign Affairs of Ukraine. They claimed to have obtained a lot of sensitive data such as phone numbers, emails, passwords, and card numbers from the ministry’s database.
However, this data was known to have been circulating on the dark web for a long time and to have been shared for free. This brought up the question, “Is Stormous a scam?”
Epic Games Alleged Data Breach
The Stormous gang came to the fore with the Epic Games breach. The threat actor claimed that they discovered a vulnerability in the company’s internal network and stole nearly 200 gigabytes of data, including the information of 33 million users. They added that they would continue to leak data about company employees, not users’ personal information.
In the post shared by the group on Telegram, it seems that they do not share any content about the leaked data. This again brings to mind the possibility of a scam.
Is Stormous Ransomware a Scam?
Attacks by the Stormous ransomware group are also called “scavenger operations” in cybersecurity. These operations are carried out by targeting companies whose data was previously leaked by another threat actor. However, the general opinion about Stormous is that it is a scam.
As we mentioned before, the group may be trying to create an agenda to make its name known and may want to consolidate its reputation with actual attacks later on. For this reason, SOCRadar analysts have put the group under observation.