Stormous attacks Dynamite

Incident Date:

July 25, 2023

World map



Stormous attacks Dynamite






Mt Laurel Township, USA

New Jersey, USA

First Reported

July 25, 2023

The Stormous Extortion Gang's Attack on Dynamite

The Stormous extortion gang has attacked Dynamite. Dynamite is a prominent and well-established publishing company within the entertainment and comic book industry. Known for its diverse catalog of titles, the company has gained recognition for producing comic books, graphic novels, and other literary works featuring popular characters, licensed properties, and original creations. The company has garnered a loyal fan base and a solid reputation for delivering engaging storytelling and high-quality artwork across its publications.

Stormous posted Dynamite to its data leak site on July 25th, claiming to have stolen company projects, plans, emails, books, paid designs, ideas, and financial data. Stormous is a ransomware gang first identified in mid-2021. According to a mission statement published by the organization, its objective is to attack targets in the U.S. and other Western nations. However, in 2022, the group added Ukraine and India to this list. Stormous listing countries, not companies, suggests that politics is a primary motivator for the group.

Communication and Operations

Stormous communicates through a Telegram channel and an .onion website. However, conversation on Telegram primarily consists of statements from the group. While the group identifies itself as a ransomware gang, it does not operate as a Ransomware-as-a-Service (RaaS) operation, and it's unknown what type of ransomware it may be using in its campaigns.

Motivations and Comparisons

The group's motivations and principles resemble Lapsus$, another ransomware gang that mainly targets Western entities. Both Lapsus$ and Stormous make a lot of noise online, drawing attention to themselves and making flashy, bombastic proclamations of the Dark Web and Telegram.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.