Stormous ransomware gang takes credit for attack on Belgian brewer Duvel
The Stormous ransomware gang has taken credit for an attack on a major Belgian beer producer this week.
The ransomware attack on Duvel Moortgat Brewery has affected operations for days. Local news outlets and BleepingComputer reported on Wednesday that Duvel’s IT department detected the attack and shut down production lines.
Spokesperson Ellen Aerts told reporters that they are “still working to find out exactly what happened.
"We have decided to switch off our servers and as a result production is at a standstill at all our Belgian sites and at our site in the United States,” she said. "We are confident that we will be able to restart production soon. In the meantime, there is enough stock, so Duvel drinkers don’t have to worry.”
The company was added to Stormous’ leak site on Thursday, with the group claiming to have stolen 88 gigabytes of data from Duvel. The gang gave the brewer a deadline of March 25 to pay the ransom.
The company did not respond to requests for comment about the situation.
The incident comes amid growing interest in Stormous ransomware following their announced alliance with GhostSec, a financially-motivated hacking group conducting single- and double-extortion attacks that has ramped up its activity over the last year, according to Cisco Talos.
Researchers published a report this week about the alliance between the two groups, finding that they are “operating together to conduct… double extortion attacks” on victims in Cuba, Argentina, Poland, China, Lebanon, Israel, Uzbekistan, India, South Africa, Brazil, Morocco, Qatar, Turkey, Egypt, Vietnam, Thailand and Indonesia.
GhostSec has also been active on its Telegram channel in highlighting its attacks on Israel’s Industrial systems, critical infrastructure and technology companies.
In recent months the group has claimed to be part of an alliance called the “Five Families” — which includes the hacking groups ThreatSec, Stormous, Blackforums and SiegedSec.
“Their claims also showed us that their primary focus is raising funds for hacktivists and threat actors through their cybercriminal activities,” Cisco researchers said.
GhostSec began to collaborate with the Stormous ransomware gang in July 2023 in several alleged attacks on government organizations in Cuba. By October, the two groups announced a partnership and GhostSec unveiled a new ransomware-as-a-service operation called GhostLocker.
Since then, the groups have collaborated on several attacks while evolving their offerings to include methods for independent hackers to use their platform to simply sell or publish stolen data.
Jonathan Greig
is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.