stormous
Ransomware group profile
56Victims
RussiaSource country
82Impact score
Also Known As
Stormous Virus
Description
Stormous is a pro-Russian cybercriminal group known for its ransomware attacks and data exfiltration, employing double extortion tactics. They primarily target organizations in the United States, Ukraine, and Europe, focusing on sectors such as government, healthcare, and telecommunications. The group operates under a Ransomware-as-a-Service model, enabling affiliates to utilize their tools extensively.
Key insights
- •Stormous employs double extortion tactics, encrypting and threatening to leak sensitive data.
- •Targets include government, healthcare, energy, and telecommunications sectors.
- •The group utilizes both custom and publicly available tools, often exploiting unpatched vulnerabilities.
- •They primarily operate through a Ransomware-as-a-Service (RaaS) model.
- •Recent attacks include significant data breaches affecting hundreds of thousands of individuals.
- •Stormous claims alignment with Russian geopolitical interests and focuses on Western countries.
Threat Level & Status Breakdown
For stormous · Based on incidents in selected period
2.5threat level
Aggressiveness6/ 10
Lethality0.3/ 10
Criticality1.2/ 10
Status Breakdown
Data Leaked5.4%3
Claimed7.1%4
First seenJun 2025
Last seenJun 2026
Avg ransom—
Payment rate—
Statusactive
Sophistication0
Last updatedJun 18, 2026
Recent activity
Monthly attack count for stormous in the selected period
56Total attacks
20peak in Oct
6.2avg / month
↑ 5 vs first month
Intelligence
IOCs, YARA/Sigma rules, and related families for stormous
- b15a8047abd9a3af013cf6c77ce15acf
- 95ae81de52655fac3f1b226f1896690566090640
- 1b4b4e910bfd31f5f3f2f3a269bf2c994978b78a
- 8cee3ec87a5728be17f838f526d7ef3a842ce8956fe101ed247a5eb1494c579d
- f001329114937fbc439f251c803ba825
- 8ad67a1b7a5f2428c93f7a13a398e39c
- 0a73291ab5607aef7db23863cf8e72f55bcb3c273bb47f00edf011515aeb5894
- 2a720281cd869c1aaaca430a96cf980f623e0f76
- 12b818950d749c378aabd81a0bac9742
- e014c9e5f712775e771c7f36d2a580d8d290c9ad
- 96ba3ba94db07e895090cdaca701a922523649cf6d6801b358c5ff62416be9fa
- 8b758ccdfbfa5ff3a0b67b2063c2397531cf0f7b3d278298da76528f443779e9
- d4f71fc5479a02c8ff57c90fc67b948adb5604e0
- aa62afd6a48d3c42ed66d4f5b9189be847ec055b
- a1b468e9550f9960c5e60f7c52ca3c058de19d42eafa760b9d5282eb24b7c55f
- 3afd36e7e837d7216bdb48e466f8dcd5f2b169b6
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for stormous
CVE-2023-47246
CVE-2023-46850
CVE-2023-46849
CVE-2023-46747
CVE-2023-46604
CVE-2023-34058
CVE-2023-34057
CVE-2023-34051
CVE-2023-34048
CVE-2023-23369
CVE-2023-23368
CVE-2023-22518
Other
T1486
T1486
T1490
T1490
T1078
T1078
T1021
T1021
T1562
T1562
T1059
T1059
T1547
T1547
T1021.001
T1021.001
T1210
T1210
T1005
T1005
T1105
T1105
T1041
T1041
Victims(56)
| Company | Domain | Country | Industry | Status | Discovered | |
|---|---|---|---|---|---|---|
| mlit.com.my UPDATE-FULL DATA DUMP 10GB | — | MY Malaysia | Government & Defense | Data Leaked | about 4 hours ago | |
| mlit.com.my | mlit.com.my | MY Malaysia | Government & Defense | Data Leaked | 7 days ago | |
| katholiekamersfoort.nl UPDATE-FOR SALE | — | NL Netherlands | Other | Unknown | 10 days ago | |
| sa2000.com UPDATE-FULL DATA DUMP | — | — | Financial Services | Unknown | 10 days ago | |
| SA2000.COM | sa2000.com | SA Saudi Arabia | Technology | Unknown | 16 days ago | |
| katholiekamersfoort.nl | katholiekamersfoort.nl | NL Netherlands | Education | Unknown | 17 days ago | |
| vspsolutions.com.au FULL DATA DUMP | — | AU Australia | Professional Services | Unknown | 27 days ago | |
| Important Announcement | — | — | — | Unknown | about 1 month ago | |
| VPN Access Sale | — | — | — | Unknown | about 1 month ago | |
| cgcsa.co.za UPDATE-FULL DATA DUMP | — | ZA South Africa | Professional Services | Unknown | about 1 month ago | |
| ttt.vn UPDATE-FULL DATA DUMP | — | VN Vietnam | Other | Unknown | about 1 month ago | |
| vspsolutions.com.au SAMPLE-FREE 20GB | — | AU Australia | Professional Services | Unknown | about 1 month ago | |
| FANASA.COM UPDATE-FULL DATA DUMP | — | MX Mexico | Financial Services | Unknown | about 1 month ago | |
| arc-reins.com + fidelityunited.ae UPDATE-FULL DATA DUMP | — | AE United Arab Emirates | Financial Services | Unknown | about 1 month ago | |
| ams-group.co.uk FULL DATA DUMP 33GB | — | GB United Kingdom | Professional Services | Unknown | about 1 month ago | |
| ttt.vn TTT Corporation | ttt.vn | VN Vietnam | Other | Unknown | about 1 month ago | |
| or-technology.com | or-technology.com | DE Germany | Technology | Unknown | about 2 months ago | |
| cgcsa.co.za | cgcsa.co.za | ZA South Africa | Retail & E-Commerce | Unknown | about 2 months ago | |
| FANASA.COM | fanasa.com | MX Mexico | Healthcare | Unknown | about 2 months ago | |
| arc-reins.com + fidelityunited.ae | fidelityunited.ae | AE United Arab Emirates | Financial Services | Unknown | about 2 months ago |
Page 1 of 3
Affected countries(67)
Countries where this group has been reported to target or leak victims.
🇦🇪United Arab Emirates🇦🇷Argentina🇦🇺Australia🇧🇪Belgium🇧🇬BulgariaBolivia, Plurinational State of🇧🇷Brazil🇧🇾Belarus🇨🇦Canada🇨🇱Chile🇨🇲Cameroon🇨🇳China🇨🇴Colombia🇨🇷Costa Rica🇨🇺Cuba🇨🇿Czech Republic🇩🇪Germany🇩🇰Denmark🇩🇿Algeria🇪🇨Ecuador🇪🇬Egypt🇪🇸Spain🇪🇹Ethiopia🇫🇮Finland🇫🇷France🇬🇧United Kingdom🇬🇷Greece🇭🇰Hong Kong🇭🇷Croatia🇭🇺Hungary🇮🇩Indonesia🇮🇱Israel🇮🇳India🇮🇶IraqIran, Islamic Republic of🇮🇹Italy🇯🇵Japan🇰🇭CambodiaKorea, Republic of🇱🇧Lebanon🇲🇦MoroccoMacedonia, the Former Yugoslav Republic of🇲🇹Malta🇲🇽Mexico🇲🇾Malaysia🇳🇱Netherlands🇵🇦Panama🇵🇪Peru🇵🇭Philippines🇵🇱Poland🇶🇦Qatar🇷🇸SerbiaRussian Federation🇸🇦Saudi Arabia🇸🇬Singapore🇸🇳Senegal🇹🇭Thailand🇹🇳Tunisia🇹🇷Turkey🇺🇦Ukraine🇺🇸United States🇺🇾Uruguay🇺🇿UzbekistanVirgin Islands, U.S.🇻🇳Vietnam🇿🇦South AfricaGlobal