New Fog ransomware targets schools via hacked VPNs

Sead Fadilpašić

7 June 2024 at 10:19 am·1-min read

A new ransomware strain has been detected using compromised VPN credentials to access their victims’ endpoints.

Researchers at Arctic Wolf, who started tracking the ransomware variant in early May 2024, named it Fog, with its victims mostly educational organizations in the US, with other notable examples falling in the recreation industry.

So far, Arctic Wolf observed the attackers using compromised VPN credentials from at least two gateway vendors: "In each of the cases investigated, forensic evidence indicated that threat actors were able to access victim environments by leveraging compromised VPN credentials," Arctic Wolf explained. "Notably, the remote access occurred through two separate VPN gateway vendors. The last documented threat activity in our cases occurred on May 23, 2024."

Stealing data

After compromising the network, the attackers try to gain access to valuable accounts, including those capable of establishing Remote Desktop Protocol (RDP) connections. Then, they look to disable Windows Defender and set the ground for the deployment of the encryptor.

Fog will also encrypt VMDK files in Virtual Machine (VM) storage, and will delete backups from object storage in Veeam and Windows volume shadow copies. The encrypted files carry the .FOG extension. Finally, the ransomware will drop a note, instructing the victims on how to get in touch and try to decrypt the system.

Arctic Wolf did not find evidence of the threat actors exfiltrating sensitive data before running the encryptor, but BleepingComputer says this is the case. In fact, the ransom note contains a link to a Tor dark website where the threat actors share samples of stolen data with the victims, proving that they had, in fact, grabbed sensitive files.

More from TechRadar Pro

FBI urges LockBit ransomware victims to reach out after securing thousands of decryption keys
Here's a list of the best firewalls around today
These are the best endpoint security tools right now

Tom's Guide
Phones are more like PCs than ever — here’s how to protect them from viruses and malware
Viruses and malware for smartphones are becoming more common, so here's what I do to protect my phone from potential threats.
Zacks
Alphabet (GOOGL) Boosts Android Efforts With App Upgrades
Alphabet (GOOGL) boosts Android offerings with Google Photos app update, thereby strengthening its Google Services segment.
Reuters
Apple okays Epic Games marketplace app in Europe
Apple said on Friday it has approved Epic Games' games marketplace app on iPhones and iPads in Europe, after the "Fortnite" maker escalated its feud with the technology giant, accusing it of hindering its efforts to set up a games store on the devices. Apple said the latest spat concerned the Epic Sweden AB Marketplace and has nothing to do with the video games maker's Fortnite app which has already been given the green light. Apps developers and antitrust regulators have criticized Apple's tight control of the iOS app ecosystem.
Tom's Guide
ChatGPT for macOS just got caught breaching Apple security rules — how that affects you
The MacOS ChatGPT app has been caught circumventing certain Apple data security measures.
Tom's Guide
iOS 18 brings two hidden upgrades to the Weather app — here's what's new
More hidden iOS 18 features are being discovered by users trying out the developer betas, including two new additions to the ever-useful Weather app.
TechCrunch
Apple approves Epic Games' marketplace app after initial rejections
After multiple rejections, Apple has approved Fortnite maker Epic Games' third-party app marketplace for launch in the EU. As now permitted by the EU's Digital Markets Act (DMA), Epic announced earlier this year it planned to bring both the digital storefront and its flagship game, Fortnite, back to iOS in Europe. Epic then said it would take the matter to European regulators for review.
Engadget
You can now get AI Judy Garland or James Dean to read you the news
ElevenLabs is offering AI voices of deceased icons on their new Reader App.
The Independent
Dad pleaded for daughter’s ex-boyfriend not to be freed from jail. Days later, her mutilated body was found in a car
‘If they let him out, he was going to kill her,’ Lauren Johansen’s father said he warned a judge just days before his daughter’s death
The Telegraph
Biden vows to ‘beat Trump in 2020’ and says he’s proud to be a black woman in latest gaffes
Joe Biden vowed to beat Donald Trump “in 2020” as he pledged to stay in the presidential race and fight to save his re-election bid.
The Telegraph
The world must prepare for President Michelle Obama
The 2024 US Presidential race intensifies. Speculation abounds over potential replacements for President Joe Biden amid increasing pressure from his party and the media to step aside after a jaw-dropping, catastrophic debate against Donald Trump last week. Among the names circulating, a game-changer is emerging: Michelle Obama. Could this be America’s worst nightmare?
The Daily Beast
Conservatives Routed in Worst Election Result for 200 Years
LONDON—The Conservatives, the world’s winningest political party, were booted out of power in dramatic style on Thursday after 14 years of chaotic and divisive rule.The Labour Party had secured a landslide victory, ending an era of Conservative rule over Britain that stretches back to 2010; the year that the iPad and Instagram were launched and Lady Gaga wore that meat dress to the MTV music awards.In that time, the Conservatives have cycled through five leaders, each of them dragging the party
Cosmo
Jade Thirlwall frees the nipple in a see-through chainmail top
Jade Thirlwall appears on the cover of beat magazine wearing a see-through chainmail top to free the nipple. See the image shared on social media, here.
The Telegraph
Biden ‘seriously considering’ leaving election race
Joe Biden has for the first time said that he is considering ending his presidential campaign, according to reports.
The Independent
A couple rented an Airbnb from a ‘friendly’ landlord. Then they wound up dismembered in a suitcase
Michael Lee Dudley seemed like a typical Washington homeowner – until three teenagers stumbled across a suitcase of horrors on a beach
Cinema Online
Joyce Chen confirms she has become a mother
The TVB actress shares photos of her and her daughter, not revealing partner's identity
People
Tobey Maguire Spotted with Arm Around Actress Lily Chee at Star-Studded Fourth of July Party
The 'Spider-Man' actor, 49, was seen spending time with actress Lily Chee, 20, at a party on July 4
The Telegraph
Beijing is laughing at the West’s weakness
Russian aggression in Ukraine poses a threat to world peace and stability. China provides material support for Russia’s actions. All this is entirely clear. In Beijing, immediately after a meeting with Xi Jinping in April this year, US Secretary of State Antony Blinken said that “Russia would struggle to sustain its assault on Ukraine without China’s support”. This included selling huge quantities of machine tools and micro-electronics that would be used in the Russian defence industry.
CNN
9 out of 10 voters say there are important differences between Biden and Trump. Here’s what they see as the biggest ones
If there’s one thing that American voters overwhelmingly agree on, it’s that this year’s presidential election presents a stark choice. In the latest CNN poll by SSRS, 91% of registered voters say they see important differences between President Joe Biden and former President Donald Trump, dwarfing even the 77% of voters who said last fall that there were significant divides between the Democratic and Republican parties. Even among the so-called “double haters” – those with unfavorable views of
The Independent
Voices: Tory downfall: The 9 reasons it has all gone wrong for Rishi Sunak
A series of world events, poor decisions and fatal gaffes conspired to see Rishi Sunak lead the Tories to the worst electoral defeat in his party’s 346-year history
Evening Standard
All change: When will Rishi Sunak have to move out of Number 10 — and where could he live next?
With the removal vans on standby, the current prime minister has a portfolio of high-end properties to choose from

Stealing data

More from TechRadar Pro

Latest stories