A lesser-known ransomware group known as Stormous has recently issued a warning that it plans to release sensitive data belonging to approximately 57,000 customers of Transak, a cryptocurrency purchasing platform. The group claims that they have obtained sensitive information about users of the payment gateway and will make this data public if their ransom demands are not met promptly.
Transak facilitates the purchase of cryptocurrencies using fiat currency through credit cards and retains various payment-related information on its servers. In response to the hacking incident, Transak has stated that the attackers gained access only to basic information such as names and that they are actively managing the situation. Sami Start, the CEO of Transak, noted that as many as 93,000 individuals could potentially be affected by this breach, although the spread of the malware has been contained.
The trend of ransomware attacks targeting cryptocurrency exchanges has been increasing, as cybercriminals are often confident that victims will pay the demanded ransoms. These groups exploit vulnerabilities within financial networks and online platforms, seeking to profit from the sensitive data they can obtain.
In the case of Transak, the Stormous group gained access to the network through a security lapse involving an employee who used their office laptop for unauthorized purposes. This oversight allowed the attackers to infiltrate the network and gather information.
Stormous, which has been operational since 2021, primarily communicates in Arabic and has been associated with pro-Russian sentiments, particularly in the context of the ongoing conflict in Ukraine. They appear to be collaborating with another ransomware group known as GhostSec, enhancing their capabilities and reach in the cybercriminal landscape.
Ad