Stormous attacks The DGCX

Incident Date:

March 25, 2023

World map



Stormous attacks The DGCX


The Dubai Gold and Commodities Exchange




Dubai, United Arab Emirates

, United Arab Emirates

First Reported

March 25, 2023

The Stormous Ransomware Gang's Attack on DGCX

The Stormous ransomware gang has attacked DGCX. The DCGX, or the Dubai Gold and Commodities Exchange, is a commodities derivatives exchange headquartered in Dubai, UAE, founded in 2005. Stormous posted DGCX to its data leak site on March 25th, threatening to publish all stolen data by March 28th if the organization fails to respond. Stormous never leaked the stolen data, suggesting DGCX paid the ransom.

Background of Stormous

Stormous is a ransomware gang first identified in mid-2021. According to a mission statement published by the organization, its objective is to attack targets in the U.S. and other Western nations. However, in 2022 the group added Ukraine and India to this list. Stormous listing countries, not companies, suggests that politics is a primary motivator for the group.

Communication Channels

The group communicates through a Telegram channel and an .onion website. There is little chatter on the Telegram channel, with the conversation mainly comprising of the group's proclamations.

Operational Tactics

While the group identifies itself as a ransomware gang, it does not operate as a Ransomware-as-a-Service (RaaS) operation, and it's unknown what type of ransomware it may be using in its campaigns. The group's motivating principles and behavior somewhat resemble the Lapsus$ hacker group, which targets entities mainly in the Western hemisphere. Like Lapsus$, Stormous is quite "loud" online and looks to attract attention to itself, making splashy proclamations on the Dark Web and utilizing Telegram to communicate with its audience and organize.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.