Stormous attacks Duvel

Incident Date:

March 7, 2024

World map



Stormous attacks Duvel






Puurs-Sint-Amands, Belgium

, Belgium

First Reported

March 7, 2024

Stormous Ransomware Gang Targets Belgian Beer Firm Duvel

The Stormous ransomware gang has taken credit for an attack on Belgian beer firm Duvel. Production at four breweries owned by Duvel ground to a halt after the cyber-attack. Initially, five of its production facilities were shut down - one has since come back online. Duvel said it was currently unable to give further details "as the investigation into the cause of the cyber-attack is ongoing."

Duvel is an independent family of authentic craft breweries and a leader in specialty beers. It encompasses 11 breweries: four in Belgium, three in the United States, one in the Czech Republic, one in Italy, one in the Netherlands, and one in the United Kingdom.

Stormous' Background and Operations

Stormous does not maintain a RaaS (Ransomware-as-a-Service) platform. Stormous emerged in mid-2021 or early 2022 and made headlines, claiming to have exfiltrated 200GB of data from victim Epic Games as well as the Ministry of Foreign Affairs of Ukraine. They also were purported to have offered Coca-Cola data for sale.

Stormous is assessed to have targeted companies whose data was leaked by other threat actors, and some have asserted they are a scam operation. Stormous attack volume has been diminishing, and it is assessed that they may not be responsible for some of the attacks they claim. Stormous does not maintain a RaaS platform and focuses on straight data extortion.

Political Motivations and Targets

Stormous claims to target Western companies and espouses a lot of rhetoric about the Russian and Ukrainian conflict, but it is not clear if they are hacktivist-oriented or using this to sew confusion. It is still unclear exactly how Stormous operates. They claim politically motivated targeting may be more opportunistic or could be trying to make money from the threat actors' work by leveraging the chaos and confusion around the high volume of ransomware attacks today.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.