Skip to content
Ransomware group

Stormous

Stormous is a ransomware/extortion group tracked under the name Stormous.

Profile source: Mallory opens in a new tab

Stormous

Family profile

Stormous is a ransomware/extortion group tracked under the name Stormous. In the provided reporting, it appeared in ransomware victim-leak-site monitoring for 2025 and was assessed as active enough to be counted among groups responsible for individual incidents. The content states that Stormous revamped its data leak site (DLS), abandoned its previous practice of operating only at certain times, and increased activity by posting a large amount of information related to hotel and resort victims, indicating attacks against that sector. It also claimed to have attacked a German car manufacturer, but the reporting explicitly notes that no breach evidence was provided to support that claim. The available content does not provide technical details on malware functionality, infection vector, encryption behavior, specific tooling, or indicators of compromise. No high-confidence threat-actor attribution beyond the Stormous name itself is provided in the source material.

Ransomware.live

Operational record

View group record ↗

Ransomware.live

Recent claims

All published claims ↗

MITRE ATT&CK

Stormous in ATT&CK

34 distinct techniques

Reporting

Research mentioning Stormous

We appreciate you

Derp wouldn't exist without the work these projects do for the security community. We rely on their data sources to improve the quality and depth of what we publish. Thank you, we're genuinely grateful.