Ransomware Gang Threatens to Leak Transak User Data Unless $30K Ransom is Paid

A ransomware group known as Stormous has issued a disturbing alert regarding the potential release of sensitive data pertaining to around 57,000 customers of Transak, a platform that facilitates cryptocurrency transactions. The group asserts it has obtained critical user information from the payment gateway and has threatened to make this data public unless their ransom demands are met immediately.

Transak specializes in enabling cryptocurrency purchases through fiat currencies and retains various operational and transactional records on its servers. In light of the recent breach, Transak has indicated that the unauthorized access was limited to basic user information, such as names. The company’s CEO, Sami Start, remarked that up to 93,000 individuals may be at risk from this incident, although they claim to have contained the malware’s spread.

The rising trend of ransomware attacks targeting cryptocurrency exchanges has raised alarms within the cybersecurity community, as attackers often anticipate that victims will comply with ransom demands. Such groups exploit weak spots in financial networks and e-commerce platforms, aiming to monetize the sensitive information they acquire.

Stormous has been active since 2021. It communicates primarily in Arabic and often exhibits pro-Russian inclinations, particularly in relation to the ongoing conflict in Ukraine. Reports suggest that Stormous is collaborating with another ransomware collective, GhostSec, thereby expanding both groups' operational capabilities and reach in the cybercriminal ecosystem.

This incident underlines the importance of robust cybersecurity measures, particularly in the financial technology sector. Businesses should remain vigilant against such threats and ensure they are equipped to counter attacks that use techniques outlined in the MITRE ATT&CK matrix. The attack on Transak highlights several adversary tactics, including initial access, which in this case was achieved through employee negligence. Additionally, persistence methods may have been employed to maintain access to the compromised network, illustrating the multifaceted challenges organizations face in protecting sensitive consumer data.

