Stormous attacks The DGCX

Incident Date:

March 25, 2023

Overview

Title

Stormous attacks The DGCX

Victim

The Dubai Gold and Commodities Exchange

Attacker

Stormous

Location

Dubai, United Arab Emirates

First Reported

March 25, 2023

The Stormous Ransomware Gang's Attack on DGCX

The Stormous ransomware gang has attacked DGCX. The DGCX, or the Dubai Gold and Commodities Exchange, is a commodities derivatives exchange headquartered in Dubai, UAE, founded in 2005. Stormous posted DGCX to its data leak site on March 25th, threatening to publish all stolen data by March 28th if the organization failed to respond. Stormous never leaked the stolen data, suggesting DGCX paid the ransom.

Background of Stormous

Stormous is a ransomware gang first identified in mid-2021. According to a mission statement published by the organization, its objective is to attack targets in the U.S. and other Western nations. However, in 2022 the group added Ukraine and India to this list. That Stormous lists countries rather than companies suggests that politics is a primary motivator for the group.

Communication Channels

The group communicates through a Telegram channel and an .onion website. There is little chatter on the Telegram channel, with the conversation consisting mainly of the group's proclamations.

Operational Tactics

While the group identifies itself as a ransomware gang, it does not operate as a Ransomware-as-a-Service (RaaS) operation, and it's unknown what type of ransomware it may be using in its campaigns. The group's motivating principles and behavior somewhat resemble the Lapsus$ hacker group, which targets entities mainly in the Western hemisphere. Like Lapsus$, Stormous is quite "loud" online and looks to attract attention to itself, making splashy proclamations on the Dark Web and utilizing Telegram to communicate with its audience and organize.
