stormous attacks 3S Standard Sharing Software
Incident Date:
March 24, 2022
Overview
Title
stormous attacks 3S Standard Sharing Software
Victim
3S Standard Sharing Software
Attacker
Stormous
Location
First Reported
March 24, 2022
Alchemer Suffers Ransomware Attack by Stormous Group
Company Overview
Located in Louisville, Colorado, Alchemer provides enterprise online survey software and tools, serving a global clientele. The company leverages Amazon Web Services (AWS) for its hosting needs and adheres to a modified Lean Agile System Development Life Cycle (SDLC) methodology across separate development, test, and production environments. Alchemer's commitment to enhancing both the functionality and security of its software is evident in its operational practices.
Vulnerabilities and Mitigation
Alchemer employs a robust security framework that encompasses data encryption, regular scanning and patching, comprehensive logging and alerting, and well-defined disaster recovery and business continuity plans. Additionally, the company has an incident response plan in place. It ensures customer data protection through unique login IDs and data segmentation based on unique customer IDs, with encryption applied to data in transit, at rest, and on backups. Despite these precautions, the ransomware group Stormous successfully targeted Alchemer, exploiting an undisclosed vulnerability in the company's defenses.
Industry Standout
Alchemer distinguishes itself in the software industry by prioritizing security and privacy in its online survey tools. The company's efforts to comply with specific regulatory requirements, while not guaranteeing absolute compliance, underscore its commitment to safeguarding user data.
Impact and Response
The ransomware attack on Alchemer by the Stormous group marks a significant incident within the cybersecurity domain, underscoring the persistent threat posed by ransomware actors. Details regarding Alchemer's response to the attack remain unspecified.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.