Stormous Ransomware Group Claims it Has Stolen NVIDIA Source Code, Threatens to Leak Customer Data

Stormous ransomware group is claiming to have hacked NVIDIA and obtained both source code and customer data. We have obtained exclusive commentary from Stormous and NVIDIA with more information for this report.

The Stormous ransomware group has announced today on Telegram that they have successfully hacked NVIDIA, the leading GPU manufacturer.

The pro-Russian hackers that like to hit western companies claimed that they have stolen both source code and customer data, including account passwords, personal information, and various user details.

The size of the stolen data, according to Stormous exceeds 15GB, and the threat actors have asked NVIDIA to contact them by Wednesday (tomorrow) or they will leak it.

For the stolen source code, the hackers clarified they’re not planning to leak it publicly, but instead they will sell it to interested buyers.

At the time of writing this, Stormous’ Tor site appears to be offline and there are no samples to evaluate at this time, but we will update this story if/when that changes.

Stormous threatens to release NVIDIA user data

Earlier today, the hackers provided an updated comment on their Telegram channel claiming that NVIDIA is not negotiating. Stormous claims they will begin leaking data tomorrow.

Stormous provided RestorePrivacy with additional information for this report.

Stormous provides further details to RestorePrivacy

We contacted Stormous in our investigation for this report. The group told us via email today that this hack is new and not related to the previous NVIDIA hack that was attributed to Lapsus ransomware group last spring.

Stormous elaborated on the personal data the group plans to release from NVIDIA users:

The data we got are the following personal data and when we say personal data we mean data like their public data service account passwords (such as residence phone number etc…) In addition, the NVIDIA customer data has been completely stolen And access to the source code for their service

-Stormous’ statement to RestorePrivacy

Stormous also told us that tomorrow’s leak will include data from 3,000 NVIDIA customers:

In proportion to the number of users affected, you will see this tomorrow when we will leak the first file containing 3000 users’ data.

-Stormous’ statement to RestorePrivacy

We also contacted NVIDIA for commentary on the situation.

NVIDIA remains quiet

RestorePrivacy contacted NVIDIA for a comment on the hackers’ claims, and a spokesperson of the company declined to comment on the situation.

We will update this article with any further commentary we receive from NVIDIA.

Examining Stormous’ claims

While Stormous calls itself a ransomware group, it does not appear that they have deployed ransomware that encrypts their victims in these attacks, and NVIDIA is no different in that sense.

As the hackers clarify at the end of their message on Telegram, there was no file encryption involved in this attack, so the only damage inflicted to NVIDIA is that coming from the data theft and the threat to disclose it.

As to the validity of the claims, time will tell.

Previously, Stormous claimed to have breached Coca-Cola, the world’s most famous beverage maker, stealing 161GB in the process.

The company never admitted network intruders had stolen any data, but some financial details, passwords and account names appeared on the group’s leak page a few days after the attack.

Earlier in the year, Stormous announced a massive breach on Epic, the game publisher, alleging the compromise of 33 million of users, members of the Epic store and players of Epic games. This too was denied by the victim, and we have not seen concrete evidence of the claims.

All that said, NVIDIA could be a breakthrough moment for Stormous, taking the group out of obscurity, particularly with the announced data dump tomorrow. Once again, time will tell.