The Stormous ransomware gang listed US marine dealerships firm, No Limit Marine Group, as a victim, its first in two months. The Cyble research team found traces of the ransomware gang allegedly supporting the Russian government in Pro-Russian campaigns.
After a short halt, the threat actor is back at it again and has attacked the No Limit Marine Group. The company provides marine dealerships and used boats for potential clients. According to sources, the threat actor has stolen 20 GB of firm data, which includes financial and personal information.
Stormous Ransomware, 2022’s newbie
The Stormous ransomware is a relatively new threat actor that recently gained recognition in underground hacking forums. The threat actor claimed responsibility for various attacks in Q2 and Q3.
Some of these attacks were carried out by other threat groups, but Stormous attributes itself as the attacker. Moreover, the threat actor also claims the recent data leak of Epic Games, stealing 200GB of data from the US gaming giant.
“Stormous, which may have begun operating as early as mid-2021, has posted a mission statement stating its objective is to attack targets in the U.S. and other western nations. This goal shifted in 2022, adding Ukraine and India to its target list,” said a Trustware report.
“The way they discuss countries as their targets as opposed to specific businesses or industries suggests that politics more influence these shifts in targets than financial gain.”
The gang in April claimed to have hacked the multinational beverage corporation Coca-Cola Company. Stormous posted on its Telegram group that it hacked a few servers of the company and stole 161GB data from them.
Interestingly, Stormous attacked the company after a poll on its Telegram channel asking the members to decide on the next company. Coca-Cola was the most (72%), followed by Mattel (9%).
The gang followed up on its survey results by claiming to have attacked Mattel in May.
Stormous, Russia, and Ukraine
Stormous has been trying to establish a name for itself by capitalizing on escalating tensions between Russia and Ukraine. The ransomware group is believed to be attempting to develop a reputation for itself by exploiting the agendas of organizations such as Conti.
Since March 2022, it has been claiming to organize cyberattacks against anyone who opposes the Russian government. It has claimed that it instigated the distributed denial-of-service (DDoS) attack on the website of The Ministry of Foreign Affairs of Ukraine.
Subsequently, the group declared it obtained sensitive data from the ministry’s database, including phone numbers, emails, passwords, and credit card details.