June 4, 2024 at 04:05PM
A new ransomware group, “Fog,” has been conducting traditional attacks by locking up data in virtual environments for quick payouts. The group uses stolen VPN credentials, exploits vulnerabilities in VPN gateways, and employs tactics like credential stuffing and disabling Windows Defender. Fog targets US organizations, especially in the education sector, because of that sector's limited cybersecurity resources.
A new ransomware group called “Fog” has been conducting traditional ransomware attacks, locking up data in virtual environments to achieve quick payouts. Fog typically begins an attack by acquiring stolen VPN credentials, and it has targeted two different VPN gateway vendors. The group employs various tactics, such as credential stuffing, abusing native Windows and open-source tools, and using Tor to communicate with victims, while avoiding data exfiltration and more complex attack methods. Fog has primarily targeted organizations in the US, with a focus on the education sector, likely because of that sector's inadequate cybersecurity resources. To combat such threats, it is critical that employees understand how to manage their credentials effectively and stay vigilant to prevent lateral movement and privilege elevation by threat actors.