The Stormous Group is a relatively young, pro-Russian cybercriminal gang focused on conducting ransomware attacks and data exfiltration. This group operates worldwide and has made a name for itself in recent years by attacking both large and small companies, stealing sensitive data and demanding a ransom to release the encrypted data.
Origins and objectives
Stormous is known as a hacktivist group with a pro-Russian agenda. They operate in the shadows of the international cybercriminal world and mainly target companies in the Western world. Among other things, they claim to raise money to fund their hacktivist activities and support other cyber groups, such as GhostSec, with whom they cooperate.
Well-known Belgian and international cases
Stormous' most prominent Belgian attack was the one on Duvel Moortgat in 2024. In that attack, production at the brewery was shut down and 88 gigabytes of data was stolen, including sensitive company and employee personal information. The hackers demanded a ransom, but Duvel Moortgat refused to pay, and the stolen data was made public.
Internationally, Stormous has had multiple victims, including companies in countries such as Cuba, Argentina, Poland and Israel. The targets range from government agencies to large corporations, with the cybercriminals using both ransomware and double extortion techniques.
Methodology of the Stormous Group
Stormous is known for their use of ransomware, encrypting victims' data and forcing them to pay a ransom to regain access. In addition to ransomware, they often use "double extortion," threatening to make the stolen data public if the victim refuses to pay.
Stormous also operates through their own "leak site," where they publish the stolen data of victims who refuse to accede to their demands. This creates an additional means of pressure, as the publication of sensitive data often results in reputational damage for the companies involved and possible legal consequences, such as fines for failing to protect personal data under the GDPR.
How companies can protect themselves
Companies can protect themselves from groups like Stormous by using robust cybersecurity measures:
- Multilayered security: Deploying multiple layers of protection can help detect and block attacks early.
- Backups and recovery plans: Regular backups and well-thought-out recovery procedures can reduce downtime and prevent data loss.
- Awareness training: By making employees aware of phishing and other cyber threats, many attacks can be avoided.
Conclusion: Stormous remains a threat to businesses worldwide, but with the right precautions, organizations can significantly reduce the chances of a successful attack.