Stormous Ransomware Gang Targets Belgian Beer Firm Duvel

The Stormous ransomware gang has taken credit for an attack on Belgian beer firm Duvel. Production at four breweries owned by Duvel ground to a halt after the cyber-attack. Initially, five of its production facilities were shut down - one has since come back online. Duvel said it was currently unable to give further details "as the investigation into the cause of the cyber-attack is ongoing."

Duvel is an independent family of authentic craft breweries and a leader in specialty beers. It encompasses 11 breweries: four in Belgium, three in the United States, one in the Czech Republic, one in Italy, one in the Netherlands, and one in the United Kingdom.

Stormous' Background and Operations

Stormous does not maintain a RaaS (Ransomware-as-a-Service) platform. Stormous emerged in mid-2021 or early 2022 and made headlines, claiming to have exfiltrated 200GB of data from victim Epic Games as well as the Ministry of Foreign Affairs of Ukraine. They also were purported to have offered Coca-Cola data for sale.

Stormous is assessed to have targeted companies whose data was leaked by other threat actors, and some have asserted they are a scam operation. Stormous attack volume has been diminishing, and it is assessed that they may not be responsible for some of the attacks they claim. Stormous does not maintain a RaaS platform and focuses on straight data extortion.

Political Motivations and Targets

Stormous claims to target Western companies and espouses a lot of rhetoric about the Russian and Ukrainian conflict, but it is not clear if they are hacktivist-oriented or using this to sew confusion. It is still unclear exactly how Stormous operates. They claim politically motivated targeting may be more opportunistic or could be trying to make money from the threat actors' work by leveraging the chaos and confusion around the high volume of ransomware attacks today.