Ransomware Group: STORMOUS

VICTIM NAME: Wizz Air

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the STORMOUS Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to Wizz Air, a company operating within the transportation and logistics sector in Hungary. The incident involves a data breach that was publicly acknowledged on May 2, 2025, with the attack date recorded as April 30, 2025. The breach has resulted in the circulation of sensitive employee data and other internal information. The leak includes screenshots of internal documents, emphasizing the severity of the compromise. The compromised data primarily relates to employee information, with a total of 52 employees’ data allegedly involved, and a significant amount of additional information potentially accessible to third-party entities. The breach is linked to a group identified as “stormous,” and the event highlights ongoing concerns over cybersecurity defenses within the company. The incident has also exposed the involvement of multiple infostealer malware variants, which are responsible for extracting data from victims’ systems, and the leak indicates a substantial volume of stolen data that could facilitate further malicious activities. Despite public denials from Wizz Air’s official statements, the breach and subsequent circulation of information cast doubt on the company’s security measures and monitoring capabilities, raising significant questions about the integrity of customer and partner data security policies.

The leak page notes that the incident involves data collected from various infostealer groups, including the notorious RedLine, Raccoon, and others, indicating a sophisticated level of cyber intrusion. The supplied screenshot provides visual evidence of internal documents, which may include operational or administrative data, though specific details are redacted for privacy. Information available suggests that the breach could potentially impact thousands of users, with over 84,000 related to the compromised data being noted. The leak underscores the potential risks posed by malware-based data theft campaigns targeting corporate networks, especially in sectors involving transportation and travel. Publicly available data and tactics suggest that threat actors may exploit such leaks for malicious activities like fraud, identity theft, or further cyber attacks. The incident illustrates the persistent dangers of cyber vulnerabilities and the importance for organizations to strengthen security posture and monitor for unauthorized data access.