-
The Stormous ransomware group leaked over 151,000 sensitive files from a major South African trade association.
-
They also dumped 33 GB of UK company data and threatened to release 40 GB from an Australian security firm.
-
Victims include a consumer goods council, a construction supplier, and a security provider. Stormous claims political ties to Russia but experts question their true motives.
A hacker group called Stormous is on a leaking spree. They’ve hit organizations in South Africa, the United Kingdom, and Australia, all within weeks of each other.
The scariest part? They’re giving away this stolen data for free on their leak site. No ransom negotiations, no dark web auctions. Just straight-up public dumps.
Details of the Data Leaks
One of their victims, the Consumer Goods Council of South Africa (CGCSA), got hit on May 3. This isn’t some small outfit. CGCSA represents over 9,000 member companies in retail, consumer goods, and services. They’re one of the largest industry associations in the country.
Stormous claims they walked away with more than 151,000 sensitive files. We’re talking internal communications, tax records, and contracts. The group says they’re releasing the entire database for free. No payment required. Just complete public exposure.
Avon Material Supplies (AMS Group) also appeared on Stormous’s victim list. This company is a UK concrete, aggregates, and waste management supplier that has been in operation for more than 30 years.
The hackers say they extracted 33 GB of company records. That includes payroll sheets, client information, partner directories, employee records, and business plans. They also claim to have official contracts, legal data, and other highly sensitive information. Stormous has already leaked all 33 GB online.
But there’s more. Stormous, also named VSP Solutions, a renowned Australian security solutions provider, was one of their victims.
Stormous says they attacked VSP on May 13. They stole 40 GB of data. That haul includes email archives, staff personal information, financial records, and customer records for installers and integrators nationwide.
The group also claims to have shipment and order tracking for major brands like Hikvision and Axis. They’re offering a 20 GB sample for free right now. The public release of all data is still pending.
Who is Stormous Ransomware?
So who are these hackers? Stormous is allegedly a pro-Russian ransomware group that targets websites, companies, and organizations. A number of prominent American corporations have been targeted, such as Coca-Cola, Mattel, and Danaher. In addition, Stormous went after the Ministry of Foreign Affairs and stole lots of sensitive information.
Stormous appears to be a group of Arabic-speaking hackers. Active since 2021 and professed supporters of Russia during its war with Ukraine, they were able to expand their reputation on the backdrop of growing tensions.
But here’s the thing. Experts disagree on their real motives. Some say the political talk is just for show. Others think financial gain drives everything. Either way, Stormous practices double extortion. They encrypt your files and demand payment. If you don’t pay, they leak your data to damage your reputation.
The scale of data theft varies widely among groups. An Israeli company, DGM, suffered a major heist with 547 GB of stolen data, significantly more than Stormous’s recent hauls — now being sold on the dark web.
Stormous uses specific malware to encrypt and lock victim files, after which they demand that the victim pay money before they can access the file. They’ve been assigned many detection names, among them Trojan.Ransom.PHP, Malware-gen[Trj], and Trojan:Script/Malgent!MSR. The malware is spread through phishing emails, exploiting vulnerabilities, remote desktop protocol attacks, including ads, pop-ups, and credential abuse. No free decryptor exists today.
What this Means for Businesses Everywhere
Here’s the reality check. Stormous isn’t targeting small mom-and-pop shops. They’re hitting industry associations, supply chain companies, and even security providers. If a security firm can get breached, no one is safe.
The implications go beyond stolen files. For CGCSA, 9,000 member companies now face potential exposure. Their internal communications, tax records, and contracts are public. That erodes trust in the entire association.
For AMS Group in the UK, payroll sheets and employee records being public creates identity theft risks. Client information in the wrong hands can lead to targeted scams. Business plans leaking give competitors an unfair advantage.
VSP Solutions faces the most ironic blow. They sell security to others. Now their own staff’s personal information and customer records are compromised. Major brand shipment tracking for Hikvision and Axis leaking exposes supply chain vulnerabilities.
SalvageData experts recommend proactive steps. Backing up your data regularly is important. Good OpSec habits go a long way to. And importantly, never ignore software updates. In case of any ransomware attacks, reach out for help from recovery experts immediately.
Stormous shows no signs of slowing down. They’re leaking data for free just to cause chaos. That’s not about money anymore. That’s about destruction.
