Stormous Gang - Stopped the Flow

The Stormous ransomware gang has taken credit for an attack on a major Belgian beer producer this week.  The ransomware attack on Duvel Moortgat Brewery has affected operations for days.  Can you believe it?  Who wants to stop the flow of beer?  Local news outlets and BleepingComputer reported on Wednesday that Duvel’s IT department detected the attack and shut down production lines.  Spokesperson Ellen Aerts told reporters that they are “still working to find out exactly what happened.”  “We have decided to switch off our servers and as a result production is at a standstill at all our Belgian sites and at our site in the United States,” she said. “We are confident that we will be able to restart production soon. In the meantime, there is enough stock, so Duvel drinkers don’t have to worry.”

The company was added to Stormous’ leak site on March 7th with the group claiming to have stolen 88 gigabytes of data from Duvel.  The gang gave the brewer a deadline of March 25 to pay the ransom.  The company did not respond to requests for comment about the situation.[1]

The incident comes amid growing interest in Stormous ransomware following its announced alliance with GhostSec, a financially motivated hacking group that conducts single- and double-extortion attacks and has ramped up its activity over the last year, according to Cisco Talos.

Researchers published a report this week about the alliance between the two groups, finding that they are “operating together to conduct… double extortion attacks” on victims in Cuba, Argentina, Poland, China, Lebanon, Israel, Uzbekistan, India, South Africa, Brazil, Morocco, Qatar, Turkey, Egypt, Vietnam, Thailand and Indonesia.

GhostSec has also been active on its Telegram channel, highlighting its attacks on Israel’s industrial systems, critical infrastructure and technology companies.  In recent months the group has claimed to be part of an alliance called the “Five Families,” which includes the hacking groups ThreatSec, Stormous, Blackforums and SiegedSec.  “Their claims also showed us that their primary focus is raising funds for hacktivists and threat actors through their cybercriminal activities,” Cisco researchers said.

GhostSec began to collaborate with the Stormous ransomware gang in July 2023 in several alleged attacks on government organizations in Cuba.  By October, the two groups announced a partnership and GhostSec unveiled a new ransomware-as-a-service (RaaS) operation called GhostLocker.  Since then, the groups have collaborated on several attacks while evolving their offerings to include methods for independent hackers to use their platform to simply sell or publish stolen data.

This article is presented at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com

Weekly Cyber Intelligence Briefings:

  • Reporting: https://www.redskyalliance.org/
  • Website: https://www.redskyalliance.com/
  • LinkedIn: https://www.linkedin.com/company/64265941

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5504229295967742989

[1] https://therecord.media/stormous-claims-duvel-beer-attack/
