216.73.217.139

Lost in the Fog: A New Ransomware Threat

· Published 07/06/2024 10:34 · Modified 07/06/2024 10:37

Export JSON

Essential information

Published
07/06/2024 10:34
Modified
07/06/2024 10:37
Tags
2024-06-07 backup deletion credential encryption foggyweb lateral movement ransomware
Related entities
2 vulnerabilities (cve), 5 observables, 19 techniques (mitre), 1 malware, 2 others

Description

Arctic Wolf Labs began monitoring the deployment of a new variant called Fog in early May 2024. The attacks targeted organizations in the education and recreation sectors within the United States. Evidence suggests threat actors gained initial access through compromised VPN credentials and leveraged techniques like dumping, tools like PsExec, and payloads with capabilities to disable defenses, encrypt data, and delete backups. The actors appeared financially motivated, seeking rapid and ransom payment rather than data exfiltration.

External references