What do we make of the Stormous ransomware group?

Ransomware started strong in 2022, with a significant attack on Bernalillo County in New Mexico making headlines. The Stormous ransomware group has touted itself as the actor behind some attacks since early 2022. The CloudSEK team has identified Stormous ransomware campaigns targeting multiple organizations globally. Trustwave SpiderLabs will continue to track the threat of Stormous and the group's activities as more information becomes available. For its part, Stormous has previously been linked with Russia, according to researchers, and has breached data from Ukrainian companies in the past. As we mentioned before, the group may be trying to create an agenda to make its name known and may want to consolidate its reputation with actual attacks later on. Like Lapsus$, Stormous is quite loud online and looks to attract attention to itself, making splashy proclamations on the Dark Web and utilizing Telegram to communicate with its audience and to organize and decide who to hack next. Multiple sources have used Facebook and other social media outlets to try to gather a force to conduct these attacks.

[Figure: A message in Arabic from the Stormous Telegram channel stating it had attacked the Ukraine Ministry of Foreign Affairs.]

CloudSEK researchers have observed that the Stormous ransomware group is usually interested in the source code and sensitive documents of its targets.
Stormous announced on March 1 that it had attacked the network of the Ministry of Foreign Affairs of Ukraine. In May, 26 ransomware attacks were publicly disclosed, an increase over both 2020 and 2021. Here's a look at what else we uncovered during the month.

There is some debate within the cybersecurity community on the validity of Stormous' claims. However, the general opinion is that this is an advertising campaign. This again brings to mind the possibility of a scam.

"From Stormous' description, it doesn't seem like the most valuable trade secrets are in the dump file (or that Stormous can't tell if they are there)," Bambenek added. "What's important for any organization in this kind of position is to rapidly assess what information was taken and what its value is, to inform decision makers in situations like this where days of analysis just aren't in the cards."
Who Is Stormous and Where Does Its Allegiance Lie?

SOCRadar analysts think the group is trying to make a name for itself by using the agenda of groups like Conti. There has been no confirmation from the companies the group claims to have attacked. Based on their latest poll, the group announced that First Floppy is their next victim. Exposed IP addresses and login credentials can lead to potential account takeovers.

Motivations behind attacks: political or something else?

The operators have shared the data on their website. Some researchers have suggested that many of their attacks are either a scam or that the group is exaggerating its claims. Stormous has also claimed to have successfully attacked several targets in India and Saudi Arabia and possibly a Chinese government site.
In this case, perhaps because Stormous is relatively new to the scene, its postings and communications appear to be a brand-building exercise. This goal shifted in 2022, adding Ukraine and India to its target list. The threat actor claimed that they discovered a vulnerability in the company's internal network and stole nearly 200 gigabytes of data, including the information of 33 million users. However, this attack, like the others, has not been corroborated. John Bambenek, principal threat hunter at Netenrich, notes that the comparatively small ransom demand is also perplexing. First Floppy is a rental goods and services company based in Delhi. This brought up the argument: is Stormous a scam? Threat intelligence experts have yet to agree on whether the Stormous group makes these claims for a political agenda or for forward-looking financial gain. In March we recorded 25 ransomware attacks, with Samsung, Microsoft and Bridgestone making headlines. However, the group did not define the type or amount of data it had taken, and neither Mattel nor Danaher reported suffering a related cyber incident.
..., with the Stormous group making it seem like they did it. Moreover, two of the group's members that were arrested were from Middle Eastern countries.
The group has targeted several Indian organizations in the past, including:

At the time of writing this report, CloudSEK researchers discovered that the threat group is plotting to attack five more organizations and has hosted a poll for its subscribers to vote and choose the next target. Stormous has already claimed responsibility for an alleged attack on the Coca-Cola Corp. that it claims garnered 161GB of data. There are some recorded attacks so far, but it should be noted that these are dubious.
Rating the believability of Stormous' claims

In the post shared by the group on Telegram, it seems that they do not share any content about the leaked data. The screenshot from Stormous' site shows that the data it sells includes files with names such as accounts.zip and passwords.txt. Finally, Stormous claimed to obtain 200GB of data belonging to Epic Games.

A message attributed to the group:

"welcome: There is no other Iranian organization, and there is no other organization in the name of our gangs, Stormus; there is only one Arab organization with this name. In the IBM hack, it was announced in the name of Iran because it was wrong and will not be corrected and spread, and IBM was hacked by us and by DarkSat hackers hacking the data of major companies, all on our side, and penetration of AKAMIA company data by us as well. We tell you that a mistake was made in the name of Iran, and there is no organization other than us with this name Stormus, and all the breaches that we witnessed, and complete evidence exists, and whoever opposes gives evidence of another Storms platform. Say, there are no organizations from 2015, and whoever invented this news is spreading rumors. #STORMOUS ARAB #ghost_metli #ghostly" (@Treadstone71LLC)

The Conti gang was also busy this month with notable attacks on industrial giant Parker Hannifin and Snap-on Tools.
While there may be an upside from a clout and branding perspective to making hacking activities public, law enforcement can use communications information to bring cybercriminals more swiftly to justice. Most notably, Yegor Aushev, co-founder of a cybersecurity company in Kyiv, told Reuters he wrote a post calling for underground cyber defenders at the request of a senior Ukrainian Defense Ministry official who contacted him. Stormous is also representative of another recent trend that sees threat actors creating a "corporate-like" structure and business model. We are coordinating with law enforcement. We will continue to monitor for additional threat intelligence.

Attacks by the Stormous ransomware group are also called scavenger operations: these operations are carried out by targeting companies whose data was already leaked by another group.

"With the ongoing hostilities between Russia and Ukraine, and with America supporting Ukraine in their defense, it is not surprising that pro-Russian groups have decided to target American organizations for attack," said Erich Kron, security awareness advocate with KnowBe4, in a statement about the reports. At this time it is not known why the site is down.
The soft drink giant has confirmed that it has contacted law enforcement and is investigating a cyber incident but has so far offered no details on what might have transpired, according to Security Week.
They claimed to have obtained a lot of data, such as phone numbers, emails, passwords, and card numbers, from the ministry. However, it was known that this data was already circulating before. The general opinion about Stormous is that it is a scam.

Education and government were the hardest-hit verticals for the month, with an attack on Indian airline SpiceJet and farming equipment maker AGCO making the most headlines globally. Monitor for anomalies in user accounts and systems that could be indicators of possible takeovers. Since the Russia-Ukraine war started on Feb. 14, threat groups have been lining up to support each side.

[Figure: Stormous' announcement of the Coca-Cola data for sale, teasing new data dumps from other US companies.]

Events and activities seen in the last few months

The exposed confidential details could reveal business practices and intellectual property. The Austrian state of Carinthia also made news when the BlackCat criminal gang disrupted its systems and demanded a ransom of 5 million. In June we recorded 31 publicly disclosed ransomware attacks, the most we've seen this year so far.
The group began selling the data on April 24 for 1.6 BTC, or about $64,000. The Russian-speaking ransomware group Stormous is claiming to have stolen 161GB of data from Coca-Cola, and it's offering to sell the supposed cache for 1.65 Bitcoin (about $64,000). In total, Stormous claims to have already accessed and defaced 700 U.S. websites and attacked 44 American companies. The group's motivating principles and behavior somewhat resemble the Lapsus$ hacker group, which targets entities mainly in the Western hemisphere. In April the Stormous criminal gang made headlines when they claimed an attack resulting in 161 GB of data stolen from Coca-Cola without the company knowing. According to Chris Morgan, senior cyberthreat intelligence analyst at Digital Shadows, "There are screenshots reportedly highlighting documents taken from Coca-Cola's network."
These include links to groups organizing to attack Russian entities, sites containing instructions on how to conduct a DDoS attack, and a recommended DDoS attack target list. However, these cannot be independently verified. Since 11 April 2022, the Stormous ransomware group has been actively targeting Indian entities. CloudSEK researchers have noticed that the organizations the Stormous group claims to have compromised have been targeted by other groups in the past. Some of their recent victims include:

Additionally, the Stormous ransomware group has released a list of Indian domains that could be its potential targets (defanged as published):
http://universalkids(.)co(.)in/indexSTM(.)html
http://allahabadnidhi(.)in/indexSTM(.)html
http://sigssitamarhi(.)com/indexSTM(.)html
http://vnpsnanakpura(.)in/indexSTM(.)html
http://macnnareladelhi(.)com/indexSTM(.)html
http://besthost(.)co(.)in/indexSTM(.)html

The incident closed most government buildings and impacted education in the area. The cyberattack also had a knock-on effect at a county jail when the security cameras and automatic doors were knocked offline, leaving the inmates in lockdown. For this reason, SOCRadar analysts have put the group under observation. South Africa's largest supermarket chain made news when it was hit by the RansomHouse criminal gang, and one of Brazil's largest retail chains, Fast Shop, was also hit. And 46 subscribers have participated in this latest poll so far. The Stormous group claims to target Western countries and companies.
