Stormous
Stormous is a ransomware/extortion group tracked under the name Stormous.
Profile source: Mallory opens in a new tabStormous
Family profile
Stormous is a ransomware/extortion group tracked under the name Stormous. In the provided reporting, it appeared in ransomware victim-leak-site monitoring for 2025 and was assessed as active enough to be counted among groups responsible for individual incidents. The content states that Stormous revamped its data leak site (DLS), abandoned its previous practice of operating only at certain times, and increased activity by posting a large amount of information related to hotel and resort victims, indicating attacks against that sector. It also claimed to have attacked a German car manufacturer, but the reporting explicitly notes that no breach evidence was provided to support that claim. The available content does not provide technical details on malware functionality, infection vector, encryption behavior, specific tooling, or indicators of compromise. No high-confidence threat-actor attribution beyond the Stormous name itself is provided in the source material.
Ransomware.live
Operational record
Ransomware.live
Recent claims
MITRE ATT&CK
Stormous in ATT&CK
34 distinct techniquesReporting
Research mentioning Stormous
OT Ransomware Trends: Q2 2025 Analysis & Insights | Dragos
“Stormous, Orca, Nitrogen, Morpheus, Monti, MedusaLocker, Kawa4096, Kairos, DataVault, DATACARRY, Blackout, Arkana, Apos Security, Abyss: Each accounted for 1 incident…”
May 2025 Deep Web and Dark Web Trends Report
Through its recent renewal, DLS changed its design and abandoned its previous principle of only operating at certain times. It also posted a large amount of information on hotel and resort victims, revealing its attack nature. The group claimed to have attacked *** Group, a German car manufacturer, but has not provided any breach evidence to support this claim.