Ransomware Group: STORMOUS

VICTIM NAME: www[.]axxoshotels[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the STORMOUS Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware group known as Stormous has leaked a substantial amount of data belonging to a hospitality and tourism business based in Germany. The compromised information includes approximately 33 gigabytes of sensitive data related to customer bookings for the year 2025. The leaked data encompasses various personally identifiable information such as identity cards and other personal details, which could potentially impact the privacy of numerous clients. The attack was confirmed on May 21, 2025, and the group has published a claim link to a dark web page for the affected domain. Visual evidence of the leak, including a screenshot of the leaked data or platform interface, has also been shared publicly.

The leak indicates active efforts by cybercriminals to exfiltrate sensitive customer information, which could be exploited for fraud or identity theft. The targeted entity operates within the hospitality and tourism sector in Germany and appears to hold detailed customer data, including identity verification documents. The leak’s size underscores the severity of the breach, and the disclosure of this data on the dark web highlights ongoing cybersecurity risks faced by organizations handling large volumes of personal information. Authorities and impacted parties may need to assess the potential fallout and consider measures to notify affected individuals and mitigate further harm.