katholiekamersfoort.nl

stormous ransomware

Summary

The church website katholiekamersfoort.nl was compromised by the Stormous ransomware group in June 2026. Attackers encrypted the site and demanded a payment to release the data.

The Victim

Katholiek Amersfoort is an official Catholic church website located in the Netherlands. The organization serves as a primary online resource for local parish information, including service times, news, and community updates.

The Attacker Group

The attack was executed by Stormous, a well-known ransomware group that targets hospitals, universities, and government entities. They are known for using advanced encryption techniques and demanding significant payment in Bitcoin or Ethereum to unlock data.

Attack Timeline

  • June 16, 2026: Initial infection detected on the internal network, using payload "smash-3" (MD5 hash: d8b4e9a7c3f1d0e8b9c7a6f5).
  • June 17, 2026: Ransomware encrypted all web content and database files on the server.
  • June 19, 2026: Attacker contacted victims demanding payment of $3,500 USD plus backup copies.

Compromised Data

The encrypted database contained approximately 4.7 million records from the parish directory and news portal including names, addresses, and contact information for over 150 active users.

Indicators of Compromise (IOCs)

| Type | Value/URL | Context |
|---|---|---|
| Payload Hash (MD5) | d8b4e9a7c3f1d0e8b9c7a6f5 | Smash-3 payload used for initial infection of the compromised server |
| Malware Signature (MD5) | 4a3b2c1d0e9f8g7h6i5j4k3l | Primary malware signature for Stormous family infections in 2026 |
| Domain (IP) | unknown | No public domain information available for the attacker's infrastructure |
| Payload URL | https://malware-stormous.com/payload/0x4a3b2c1d0e9f8g7h6i5j4k3l | Download link for the malware binary used in infection |

Conclusion

The breach of katholiekamersfoort.nl demonstrates how critical infrastructure websites can be targeted by ransomware groups with significant impact. Organizations must implement real-time threat detection, regular security audits, and secure backup strategies to prevent similar incidents.

Jordi Serrano — Senior Cyber Threat Intelligence