Security News > 2024 > June > New Fog ransomware targets US education sector via breached VPNs
A new ransomware operation named 'Fog' launched in early May 2024, using compromised VPN credentials to breach the networks of educational organizations in the U.S. Fog was discovered by Arctic Wolf Labs, which reported that the ransomware operation has not set up an extortion portal yet and was not observed stealing data.
BleepingComputer can confirm the ransomware gang steals data for double-extortion attacks, using the data as leverage to scare victims into paying.
The ransomware encrypts VMDK files in Virtual Machine storage and deletes backups from object storage in Veeam and Windows volume shadow copies to prevent easy restoration.
In an attack seen by BleepingComputer, the ransomware gang demanded hundreds of thousands to receive a decryptor and delete the stolen data.
New ShrinkLocker ransomware uses BitLocker to encrypt your files.
RansomHub extortion gang linked to now-defunct Knight ransomware.