-
Stormous says it will end operations and permanently erase victim data from its leak site within 60 days.
-
The ransomware gang has claimed more than 180 victims since launching its operations in early 2022.
-
Security researchers remain cautious because many ransomware groups later return under different names.
The Stormous ransomware group says it plans to end its operations after several years of targeting organizations worldwide. The announcement has raised questions across the cybersecurity community, although many researchers remain unconvinced that the group will disappear permanently.
Cybersecurity researcher Ido Cohen first highlighted the announcement after DarkFeed shared a message posted on Stormous’ leak site. According to the statement, the group plans to close its services and erase all data currently stored on its platform before shutting the website down.
The group stated, “We are preparing to end all of our operations and services. Every piece of hosted data will be permanently removed within the next 60 days before this blog is taken offline forever.”
If Stormous follows through, every victim file hosted on its leak site will disappear before the platform goes offline. However, the operators offered no explanation for the decision. They also did not reveal whether members plan to continue cybercriminal activities under another identity.
Stormous Announces Planned Shutdown
The announcement immediately attracted attention because ransomware groups rarely disappear without leaving unanswered questions. Stormous did not explain why it chose to end operations or whether its members intend to retire completely.
The crypto space has seen its share of incidents. Thorchain is currently investigating a suspected $11 million exploit after an emergency shutdown.
If the shutdown proceeds as announced, the group’s leak site and every hosted victim file should disappear within 60 days. For now, no independent evidence confirms the operators will follow through with their promise.
Researchers Remain Skeptical of the Announcement
Many cybersecurity experts remain skeptical because similar announcements have appeared several times across the ransomware ecosystem. Several well-known gangs previously claimed they were closing down before resurfacing under different brands or joining other criminal operations.
Some groups changed their identities to escape growing law enforcement investigations, international sanctions, or increasing public attention. Others simply rebuilt their infrastructure and resumed attacks with many of the same members and tactics.
Because of that history, researchers believe Stormous’ announcement alone does not prove the operation has permanently ended. Analysts will likely continue tracking the group’s infrastructure, cryptocurrency wallets, affiliates, and online activity throughout the announced shutdown period.
Independent researchers have not confirmed whether the operators genuinely intend to retire. For now, the announcement remains a claim made by Stormous itself. The group’s long-term future will only become clearer after the promised 60-day deadline passes.
Stormous Built a Global Ransomware Operation
Stormous emerged in early 2022 and quickly attracted attention after claiming attacks against organizations across multiple industries. Its reported victims included government agencies, healthcare providers, manufacturers, telecommunications companies, and technology firms operating in several regions.
The ransomware gang relied on a double-extortion strategy throughout its campaigns. It first stole sensitive company data before encrypting systems. The operators then threatened to publish the stolen information unless the victims agreed to pay a ransom.
Threat intelligence researchers estimate Stormous has listed more than 180 victims on its leak site since launching operations. The group has claimed attacks affecting organizations across North America, Europe, Asia, and the Middle East during that period.
Stormous also publicly presented itself as a pro-Russian ransomware operation after the Russia-Ukraine conflict began. Like several similar gangs, it relied on a dedicated leak site to pressure victims whose negotiations failed by exposing stolen corporate information.
If Stormous carries out its promise, one ransomware operation will disappear from the cybercrime landscape. However, history suggests researchers should remain cautious before declaring victory. Several criminal groups have disappeared before returning under completely different names.
Security analysts will continue monitoring Stormous over the coming weeks for signs that its members establish another ransomware brand. Until independent evidence confirms the shutdown, experts believe caution remains the most appropriate response.