Lost in the Fog: A New Ransomware Threat
Essential information
- Published
- 07/06/2024 10:34
- Modified
- 07/06/2024 10:37
- Tags
- 2024-06-07 backup deletion credential encryption foggyweb lateral movement ransomware
- Related entities
- 2 vulnerabilities (cve), 5 observables, 19 techniques (mitre), 1 malware, 2 others
Description
Arctic Wolf Labs began monitoring the deployment of a new ransomware variant called Fog in early May 2024. The ransomware attacks targeted organizations in the education and recreation sectors within the United States. Evidence suggests threat actors gained initial access through compromised VPN credentials and leveraged techniques like credential dumping, lateral movement tools like PsExec, and ransomware payloads with capabilities to disable defenses, encrypt data, and delete backups. The actors appeared financially motivated, seeking rapid encryption and ransom payment rather than data exfiltration.