* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Tuesday, October 7, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    Row K Entertainment Emerges as Major New Hollywood Buyer With Splashy TIFF Shopping Spree – TheWrap

    Row K Entertainment Emerges as Major New Hollywood Buyer With Splashy TIFF Shopping Spree – TheWrap

    Charlie Hunnam Reflects on Playing a Serial Killer in Monster: The Ed Gein Story – Yahoo

    Charlie Hunnam Reveals the Dark Challenges of Playing a Serial Killer in Monster: The Ed Gein Story

    “Reba” cast, then and now: See the stars 24 years later (and who’s reunited for another show) – Yahoo

    “Reba” cast, then and now: See the stars 24 years later (and who’s reunited for another show) – Yahoo

    Why Taylor Swift Name-Dropped Elizabeth Taylor in Her New Album – Yahoo

    Here’s Why Taylor Swift Dropped Elizabeth Taylor’s Name in Her New Album

    Al Roker Gives Olivia Dean an Unexpected ‘New Job’ on the ‘Today’ Show – Yahoo

    Al Roker Shocks Olivia Dean with an Exciting New Role on the ‘Today’ Show

    Books about the arts and some haunts for a Denton October – Denton Record-Chronicle

    Uncover Artistic Treasures and Spooky Adventures to Experience in Denton This October

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    ARM Institute opens technology project call to speed submarine manufacturing – The Robot Report

    ARM Institute Unveils Cutting-Edge Technology Project to Revolutionize Submarine Manufacturing

    Forget Cowbells. Cows Wear High-Tech Collars Now. – The New York Times

    Ditch the Cowbells: Discover the High-Tech Collars Transforming Cattle Care

    What the Recent Price Surge Means for Figure Technology Solutions After SEC Settlement – Yahoo Finance

    What the Recent Price Surge Reveals About Figure Technology Solutions Following SEC Settlement

    MAC Brings iPad Technology to Football Sidelines Across All 13 Member Schools – Sports Video Group

    MAC Brings iPad Technology to Football Sidelines Across All 13 Member Schools – Sports Video Group

    Technology Is Becoming More Important Than Humans In CX – No Jitter

    Technology Is Becoming More Important Than Humans In CX – No Jitter

    A Tech Expo Shows What China Can Make, but Not Who’ll Buy It All – The New York Times

    Inside China’s Tech Expo: Cutting-Edge Innovations Face Uncertain Demand

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    Row K Entertainment Emerges as Major New Hollywood Buyer With Splashy TIFF Shopping Spree – TheWrap

    Row K Entertainment Emerges as Major New Hollywood Buyer With Splashy TIFF Shopping Spree – TheWrap

    Charlie Hunnam Reflects on Playing a Serial Killer in Monster: The Ed Gein Story – Yahoo

    Charlie Hunnam Reveals the Dark Challenges of Playing a Serial Killer in Monster: The Ed Gein Story

    “Reba” cast, then and now: See the stars 24 years later (and who’s reunited for another show) – Yahoo

    “Reba” cast, then and now: See the stars 24 years later (and who’s reunited for another show) – Yahoo

    Why Taylor Swift Name-Dropped Elizabeth Taylor in Her New Album – Yahoo

    Here’s Why Taylor Swift Dropped Elizabeth Taylor’s Name in Her New Album

    Al Roker Gives Olivia Dean an Unexpected ‘New Job’ on the ‘Today’ Show – Yahoo

    Al Roker Shocks Olivia Dean with an Exciting New Role on the ‘Today’ Show

    Books about the arts and some haunts for a Denton October – Denton Record-Chronicle

    Uncover Artistic Treasures and Spooky Adventures to Experience in Denton This October

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    ARM Institute opens technology project call to speed submarine manufacturing – The Robot Report

    ARM Institute Unveils Cutting-Edge Technology Project to Revolutionize Submarine Manufacturing

    Forget Cowbells. Cows Wear High-Tech Collars Now. – The New York Times

    Ditch the Cowbells: Discover the High-Tech Collars Transforming Cattle Care

    What the Recent Price Surge Means for Figure Technology Solutions After SEC Settlement – Yahoo Finance

    What the Recent Price Surge Reveals About Figure Technology Solutions Following SEC Settlement

    MAC Brings iPad Technology to Football Sidelines Across All 13 Member Schools – Sports Video Group

    MAC Brings iPad Technology to Football Sidelines Across All 13 Member Schools – Sports Video Group

    Technology Is Becoming More Important Than Humans In CX – No Jitter

    Technology Is Becoming More Important Than Humans In CX – No Jitter

    A Tech Expo Shows What China Can Make, but Not Who’ll Buy It All – The New York Times

    Inside China’s Tech Expo: Cutting-Edge Innovations Face Uncertain Demand

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Technology

New Fog ransomware targets US education sector via breached VPNs

June 7, 2024
in Technology
New Fog ransomware targets US education sector via breached VPNs
Share on FacebookShare on Twitter

Fog

A new ransomware operation named ‘Fog’ launched in early May 2024, using compromised VPN credentials to breach the networks of educational organizations in the U.S.

Fog was discovered by Arctic Wolf Labs, which reported that the ransomware operation has not set up an extortion portal yet and was not observed stealing data.

However, BleepingComputer can confirm the ransomware gang steals data for double-extortion attacks, using the data as leverage to scare victims into paying.

VPNs for initial access

Fog’s operators accessed victim environments using compromised VPN credentials from at least two different VPN gateway vendors.

“In each of the cases investigated, forensic evidence indicated that threat actors were able to access victim environments by leveraging compromised VPN credentials,” explains Artic Wolf Labs.

“Notably, the remote access occurred through two separate VPN gateway vendors. The last documented threat activity in our cases occurred on May 23, 2024.”

Once they gain access to the internal network, the attackers perform “pass-the-hash” attacks on administrator accounts, which are used to establish RDP connections to Windows servers running Hyper-V.

Alternatively, credential stuffing is used to hijack valuable accounts, followed by PsExec deployment on multiple hosts.

On Windows servers, Fog operators disable Windows Defender to prevent notifications alerting the victim before the execution of the encrypter.

When the ransomware is deployed, it performs Windows API calls to gather information about the system, such as the number of available logical processors to allocate threads for a multi-threaded encryption routine.

Before starting the encryption, the ransomware terminates a list of processes and services based on a hardcoded list in its configuration.

The ransomware encrypts VMDK files in Virtual Machine (VM) storage and deletes backups from object storage in Veeam and Windows volume shadow copies to prevent easy restoration.

Encrypted files are appended the ‘.FOG’ or ‘.FLOCKED’ extension, though this can be set from the JSON-based configuration block to anything the operator wants.

Finally, a ransom note is created and dropped on impacted directories, providing instructions to the victims on paying for a decryption key that will help them get their files back.

From an attack seen by BleepingComputer, the ransom note is named readme.txt and contains a link to a Tor dark website used for negotiation. This site is a basic chat interface allowing the ransomware victim to negotiate a ransom demand with the threat actors and get a list of stolen files.

Fog ransom noteFog ransom note
Source: BleepingComputer

BleepingComputer can also confirm that the Tor negotiation site is the same for both the .FOG and .FLOCKED extensions, with ongoing attacks using either extension.

In an attack seen by BleepingComputer, the ransomware gang demanded hundreds of thousands to receive a decryptor and delete the stolen data. However, it is likely more for larger companies.

Arctic Wolf Labs says it is currently unclear if Fog operates as an open ransomware-as-a-service (RaaS) that accepts affiliates or if a small private circle of cybercriminals is behind it.

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : BleepingComputer – https://www.bleepingcomputer.com/news/security/new-fog-ransomware-targets-us-education-sector-via-breached-vpns/

Tags: Ransomwaretargetstechnology
Previous Post

New Gitloker attacks wipe GitHub repos in extortion scheme

Next Post

Ukraine says hackers abuse SyncThing data sync tool to steal data

Frustrations grow around Bill Belichick and North Carolina after team’s porous start to the 2025 season – Yahoo Sports

Frustrations grow around Bill Belichick and North Carolina after team’s porous start to the 2025 season – Yahoo Sports

October 7, 2025
Jason Anderson Signs for Suzuki for 2026 SMX World Championship – Monster Energy AMA Supercross

Jason Anderson Signs for Suzuki for 2026 SMX World Championship – Monster Energy AMA Supercross

October 7, 2025
Downtown St. Paul’s economy showing new life after state employees mandated to return to office – 5 EYEWITNESS NEWS

Downtown St. Paul Thrives Again as State Employees Return to the Office

October 7, 2025
No, Anthony Boyle Didn’t Use a Prosthetic in His House of Guinness Bath Scene – Yahoo

Anthony Boyle Opens Up About the Shocking Truth Behind His House of Gucci Bath Scene

October 7, 2025
Ozzy Osbourne documentary reveals agonizing health struggles of his final years – USA Today

Inside Ozzy Osbourne’s Heartbreaking Battle with Health in His Final Years

October 7, 2025
Latino leaders explore the role community organizing can play in national politics – OSV News

Latino Leaders Unite to Amplify Community Power and Drive National Change

October 7, 2025
Ecology blazing the trail for more clean energy projects – Washington State Department of Ecology (.gov)

How Ecology is Powering the Shift to a Greener Energy Future

October 7, 2025
Penn State Brandywine Earth sciences professor earns two national awards – Penn State University

Penn State Brandywine Earth sciences professor earns two national awards – Penn State University

October 7, 2025
UNESCO and CODATA launch resources on open science for crisis response – unesco.org

UNESCO and CODATA Launch Innovative Open Science Tools to Enhance Crisis Response

October 7, 2025
New Engen Report Identifies Key Trends and Winning Strategies for Active Lifestyle Brands in 2025 and Beyond – Fitt Insider

New Engen Report Identifies Key Trends and Winning Strategies for Active Lifestyle Brands in 2025 and Beyond – Fitt Insider

October 7, 2025

Categories

Archives

October 2025
M T W T F S S
 12345
6789101112
13141516171819
20212223242526
2728293031  
« Sep    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (855)
  • Economy (876)
  • Entertainment (21,749)
  • General (17,458)
  • Health (9,918)
  • Lifestyle (888)
  • News (22,149)
  • People (877)
  • Politics (887)
  • Science (16,086)
  • Sports (21,377)
  • Technology (15,856)
  • World (859)

Recent News

Frustrations grow around Bill Belichick and North Carolina after team’s porous start to the 2025 season – Yahoo Sports

Frustrations grow around Bill Belichick and North Carolina after team’s porous start to the 2025 season – Yahoo Sports

October 7, 2025
Jason Anderson Signs for Suzuki for 2026 SMX World Championship – Monster Energy AMA Supercross

Jason Anderson Signs for Suzuki for 2026 SMX World Championship – Monster Energy AMA Supercross

October 7, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version