* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Saturday, July 12, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    How you can see new movies early – Yahoo

    Unlock the Secret to Watching New Movies Before Everyone Else!

    Immersive sports and entertainment venue Cosm set to build its 5th location in Cleveland – WKYC

    Cosm Reveals Exciting Vision for Its 5th Immersive Sports and Entertainment Venue in Cleveland

    Monumental Sports & Entertainment’s Samantha Brady on the Power of the RSN’s Direct-to-Consumer Streaming Service Monumental+ – Sports Video Group

    Samantha Brady Reveals How Monumental+ is Transforming Sports Streaming with Direct-to-Consumer Access

    Moses Singer Welcomes Entertainment and Intellectual Property Partner Frederick Bimbler – Yahoo Finance

    Moses Singer Expands Team with New Entertainment and Intellectual Property Partner Frederick Bimbler

    Longhua District and Max-Matching Entertainments, supported by RWS Global forge strategic partnership to develop international IP-themed entertainment complex – Amusement Today

    Longhua District and Max-Matching Entertainments, supported by RWS Global forge strategic partnership to develop international IP-themed entertainment complex – Amusement Today

    Government whip to withdraw Entertainment Complex Bill on July 9 – Nation Thailand

    Government whip to withdraw Entertainment Complex Bill on July 9 – Nation Thailand

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Stallion Uranium Provides Update on Technology Data Acquisition Agreement – GlobeNewswire

    Stallion Uranium Announces Exciting Progress in Technology Data Acquisition Agreement

    2025 WE Local Prague Recap: Inspiring Women in Engineering and Technology – Society of Women Engineers

    2025 WE Local Prague Recap: Inspiring Women in Engineering and Technology – Society of Women Engineers

    SMPTE Opens Early Bird Registration for Media Technology Summit – TVTechnology

    SMPTE Launches Early Bird Registration for Exciting Media Technology Summit

    Google Fiber puts Nokia network slicing technology to the test – Fierce Network

    Google Fiber Puts Nokia’s Network Slicing Technology to the Ultimate Test

    Kaseya Extends Community Investment with Addition of Technology Marketing Toolkit – Kaseya

    Kaseya Extends Community Investment with Addition of Technology Marketing Toolkit – Kaseya

    AI and the Trust Revolution: How Technology Is Transforming Human Connections – Foreign Affairs

    AI and the Trust Revolution: How Technology Is Transforming Human Connections – Foreign Affairs

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    How you can see new movies early – Yahoo

    Unlock the Secret to Watching New Movies Before Everyone Else!

    Immersive sports and entertainment venue Cosm set to build its 5th location in Cleveland – WKYC

    Cosm Reveals Exciting Vision for Its 5th Immersive Sports and Entertainment Venue in Cleveland

    Monumental Sports & Entertainment’s Samantha Brady on the Power of the RSN’s Direct-to-Consumer Streaming Service Monumental+ – Sports Video Group

    Samantha Brady Reveals How Monumental+ is Transforming Sports Streaming with Direct-to-Consumer Access

    Moses Singer Welcomes Entertainment and Intellectual Property Partner Frederick Bimbler – Yahoo Finance

    Moses Singer Expands Team with New Entertainment and Intellectual Property Partner Frederick Bimbler

    Longhua District and Max-Matching Entertainments, supported by RWS Global forge strategic partnership to develop international IP-themed entertainment complex – Amusement Today

    Longhua District and Max-Matching Entertainments, supported by RWS Global forge strategic partnership to develop international IP-themed entertainment complex – Amusement Today

    Government whip to withdraw Entertainment Complex Bill on July 9 – Nation Thailand

    Government whip to withdraw Entertainment Complex Bill on July 9 – Nation Thailand

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Stallion Uranium Provides Update on Technology Data Acquisition Agreement – GlobeNewswire

    Stallion Uranium Announces Exciting Progress in Technology Data Acquisition Agreement

    2025 WE Local Prague Recap: Inspiring Women in Engineering and Technology – Society of Women Engineers

    2025 WE Local Prague Recap: Inspiring Women in Engineering and Technology – Society of Women Engineers

    SMPTE Opens Early Bird Registration for Media Technology Summit – TVTechnology

    SMPTE Launches Early Bird Registration for Exciting Media Technology Summit

    Google Fiber puts Nokia network slicing technology to the test – Fierce Network

    Google Fiber Puts Nokia’s Network Slicing Technology to the Ultimate Test

    Kaseya Extends Community Investment with Addition of Technology Marketing Toolkit – Kaseya

    Kaseya Extends Community Investment with Addition of Technology Marketing Toolkit – Kaseya

    AI and the Trust Revolution: How Technology Is Transforming Human Connections – Foreign Affairs

    AI and the Trust Revolution: How Technology Is Transforming Human Connections – Foreign Affairs

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Technology

New Fog ransomware targets US education sector via breached VPNs

June 7, 2024
in Technology
New Fog ransomware targets US education sector via breached VPNs
Share on FacebookShare on Twitter

Fog

A new ransomware operation named ‘Fog’ launched in early May 2024, using compromised VPN credentials to breach the networks of educational organizations in the U.S.

Fog was discovered by Arctic Wolf Labs, which reported that the ransomware operation has not set up an extortion portal yet and was not observed stealing data.

However, BleepingComputer can confirm the ransomware gang steals data for double-extortion attacks, using the data as leverage to scare victims into paying.

VPNs for initial access

Fog’s operators accessed victim environments using compromised VPN credentials from at least two different VPN gateway vendors.

“In each of the cases investigated, forensic evidence indicated that threat actors were able to access victim environments by leveraging compromised VPN credentials,” explains Artic Wolf Labs.

“Notably, the remote access occurred through two separate VPN gateway vendors. The last documented threat activity in our cases occurred on May 23, 2024.”

Once they gain access to the internal network, the attackers perform “pass-the-hash” attacks on administrator accounts, which are used to establish RDP connections to Windows servers running Hyper-V.

Alternatively, credential stuffing is used to hijack valuable accounts, followed by PsExec deployment on multiple hosts.

On Windows servers, Fog operators disable Windows Defender to prevent notifications alerting the victim before the execution of the encrypter.

When the ransomware is deployed, it performs Windows API calls to gather information about the system, such as the number of available logical processors to allocate threads for a multi-threaded encryption routine.

Before starting the encryption, the ransomware terminates a list of processes and services based on a hardcoded list in its configuration.

The ransomware encrypts VMDK files in Virtual Machine (VM) storage and deletes backups from object storage in Veeam and Windows volume shadow copies to prevent easy restoration.

Encrypted files are appended the ‘.FOG’ or ‘.FLOCKED’ extension, though this can be set from the JSON-based configuration block to anything the operator wants.

Finally, a ransom note is created and dropped on impacted directories, providing instructions to the victims on paying for a decryption key that will help them get their files back.

From an attack seen by BleepingComputer, the ransom note is named readme.txt and contains a link to a Tor dark website used for negotiation. This site is a basic chat interface allowing the ransomware victim to negotiate a ransom demand with the threat actors and get a list of stolen files.

Fog ransom noteFog ransom note
Source: BleepingComputer

BleepingComputer can also confirm that the Tor negotiation site is the same for both the .FOG and .FLOCKED extensions, with ongoing attacks using either extension.

In an attack seen by BleepingComputer, the ransomware gang demanded hundreds of thousands to receive a decryptor and delete the stolen data. However, it is likely more for larger companies.

Arctic Wolf Labs says it is currently unclear if Fog operates as an open ransomware-as-a-service (RaaS) that accepts affiliates or if a small private circle of cybercriminals is behind it.

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : BleepingComputer – https://www.bleepingcomputer.com/news/security/new-fog-ransomware-targets-us-education-sector-via-breached-vpns/

Tags: Ransomwaretargetstechnology
Previous Post

New Gitloker attacks wipe GitHub repos in extortion scheme

Next Post

Ukraine says hackers abuse SyncThing data sync tool to steal data

Pope prays for conversion of those who don’t ‘recognize the urgency’ of caring for creation – OSV News

Pope prays for conversion of those who don’t ‘recognize the urgency’ of caring for creation – OSV News

July 12, 2025
New, non-profit in Baldwin County aims at helping fund forensic science related investigations – fox10tv.com

New, non-profit in Baldwin County aims at helping fund forensic science related investigations – fox10tv.com

July 12, 2025
Major Gifts Transform Marine Science at William & Mary and VIMS – Virginia Living

Transformative Major Gifts Propel Marine Science Breakthroughs at William & Mary and VIMS

July 12, 2025
CatanaGroup Launches SEATY: A New Floating Lifestyle Concept – Cruising World Magazine

CatanaGroup Unveils SEATY: Dive Into the Ultimate Floating Lifestyle Experience

July 12, 2025
Readers, we need your help picking the best high school football team – Tulsa World

Vote Now for the Ultimate High School Football Champion!

July 12, 2025
An economy in India lifted by women – The Christian Science Monitor

An economy in India lifted by women – The Christian Science Monitor

July 12, 2025
How you can see new movies early – Yahoo

Unlock the Secret to Watching New Movies Before Everyone Else!

July 12, 2025
Why it’s a rough time to be a health insurer – Axios

Why it’s a rough time to be a health insurer – Axios

July 12, 2025
State Department is firing more than 1,300 staff on Friday – CNN

Over 1,300 State Department Employees Face Layoffs This Friday

July 12, 2025
Southland Conference and Spiideo Partner to Bring Cloud-Based Replay and Video Technology to Seven Sports – Sports Video Group

Southland Conference Partners with Spiideo to Transform Replay and Video Technology Across Seven Sports

July 11, 2025

Categories

Archives

July 2025
MTWTFSS
 123456
78910111213
14151617181920
21222324252627
28293031 
« Jun    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (717)
  • Economy (740)
  • Entertainment (21,627)
  • General (15,847)
  • Health (9,777)
  • Lifestyle (747)
  • News (22,149)
  • People (742)
  • Politics (750)
  • Science (15,958)
  • Sports (21,238)
  • Technology (15,724)
  • World (723)

Recent News

Pope prays for conversion of those who don’t ‘recognize the urgency’ of caring for creation – OSV News

Pope prays for conversion of those who don’t ‘recognize the urgency’ of caring for creation – OSV News

July 12, 2025
New, non-profit in Baldwin County aims at helping fund forensic science related investigations – fox10tv.com

New, non-profit in Baldwin County aims at helping fund forensic science related investigations – fox10tv.com

July 12, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version