Stormous is an Arabic-speaking, pro-Russian ransomware and hacktivist group active since at least 2022, known for politically motivated attacks across 15+ countries, collaborating with GhostSec on the GhostLocker 2.0 RaaS platform and inheriting GhostSec's RaaS operations in mid-2024.
Defensive detection signature for this group (use it in your EDR/SIEM). Source: ransomware.live.
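```yara
/*
    Stormous ransomware (pro-Russian)
*/
rule Stormous_Ransomnote
{
    meta:
        author = "ransomware.live"
        family = "ransomware.stormous"
        description = "Detects Stormous ransomware ransom note"
        date = "2026-05-04"
        severity = 7
        score = 70
    strings:
        // Group name in any letter case
        $s1 = "Stormous" ascii nocase
        // Upper-case form; already covered by $s1 because of nocase
        $s2 = "STORMOUS" ascii
        // Reference to the group's .onion site
        $s3 = "stormous.onion" ascii nocase
    condition:
        // Fires on any single string, so any file that mentions the name matches
        any of them
}
```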
The church website's network (katholiekamersfoort.nl/) has been breached, resulting in the exfiltration of over 10 GB of data. This data pertains to donors, staff, and the personal information of a large number of individuals. The compromised data includes: Databases and Personally Identifiable Information (PII), internal network shares and documents, contact lists, board and committee data, as well as system metadata.
150 GB of data has been extracted, including: COMPTABILITÉ - FACTURES ACHAT / FACTURES À PAYER / FACTURES MODIFIÉES - Banking Informations SA2000 - PAIEMENTS CLIENTS - CLIENTS / PO CLIENTS - FOURNISSEUR / TRANSPORTEURS - EMPLOYÉS / EMBAUCHE - ACTIONNAIRES - COURRIEL / DOCUMENTS COURRIELS. There is still an opportunity to communicate and resolve this situation. We are currently awaiting the company's !
| Organization | Country | Sector | Group | Discovered |
|---|---|---|---|---|
| katholiekamersfoort.nl UPDATE-FOR SALE | NL | Not Found | — | 9 Jun 2026 |
| sa2000.com UPDATE-FULL DATA DUMP | | Not Found | — | 9 Jun 2026 |
| SA2000.COM | SA | Not Found | — | 4 Jun 2026 |
| katholiekamersfoort.nl | NL | Education | — | 2 Jun 2026 |
| FANASA.COM | MX | Not Found | — | 3 May 2026 |
| www.bkcolombia.org | CO | Not Found | — | 8 Dec 2025 |
| www.americanadecolchones.com | CO | Consumer Services | — | 27 Oct 2025 |
| rinaldi.com.br | BR | Business Services | — | 6 Jun 2025 |
| enersolcr.com | CR | Energy | — | 2 May 2025 |
| biodimed.com | EC | Healthcare | — | 15 Dec 2024 |
| uatf.edu.bo | BO | Education | — | 17 Nov 2024 |
| dismogas | CO | Energy | — | 4 Mar 2024 |
| everplast | BR | Manufacturing | — | 4 Mar 2024 |
| Abelsantosyasoc | AR | Not Found | — | 26 Feb 2024 |
| Abelsantosyasoc.com.ar | AR | Healthcare | — | 2 Feb 2024 |
| uffs.edu.br | BR | Education | — | 18 Jan 2024 |
| Interep | BR | Transportation/Logistics | — | 23 Sep 2023 |
| Senior | BR | Business Services | — | 17 Jul 2023 |
| Ministerio de Cultura de la Republica de Cuba " STORMOUS + GhostSec " | CU | Public Sector | — | 12 Jul 2023 |
| Ministry of Energy and Mines (Cuba) " STORMOUS + GhostSec " | CU | Energy | — | 12 Jul 2023 |
| LINX | BR | Technology | — | 27 Mar 2023 |
| DAVINCI | AR | Education | — | 25 Mar 2023 |
| CESCE | BR | Financial Services | — | 25 Mar 2023 |
The addresses of the leak sites (.onion) are known but are not published or linked. Only public metadata is shown.
Personally Identifiable Information (PII), Electronic Fiscal Documents (CFDI/XML), Financial Transaction Records, Commercial Invoices & Billing Data, Taxpayer Identification Numbers (RFC), Client & Vendor Database/Internal Corporate Documentation
(Folders/Files) Email/Communication/System/Application Data AYEAPLICACIONES database/Log Data BDATOSFITCLOD ( Software/Installation/Program Files AUTOBΟΥ Personal/Miscellaneous Files AvenaCubana )