* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Thursday, May 22, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    San Jose eyes creation of entertainments zones with FIFA World Cup, Super Bowl LX on the horizon – The Mercury News

    San Jose Sets Its Sights on Exciting Entertainment Zones Ahead of FIFA World Cup and Super Bowl LX!

    Wilmington’s future of fun: 5 recreation and entertainment spaces planned in the Port City – Wilmington Star-News

    Exciting Developments Ahead: 5 New Recreation and Entertainment Spaces Coming to Wilmington!

    Jason Momoa Is Done With Peace in Apple’s ‘Chief of War’ Teaser – Yahoo

    Jason Momoa Embraces Chaos in Gripping Teaser for Apple’s ‘Chief of War’

    AI Entertainment Studio Promise Inks Deal With Google, Raises Investment from Michael Ovitz’s Crossbeam – The Hollywood Reporter

    AI Entertainment Studio Promise Secures Major Deal with Google and Attracts Investment from Michael Ovitz’s Crossbeam!

    Jennifer Lawrence and Robert Pattinson Did This “Humiliating” Thing to Prep for Sex Scenes – Yahoo

    Jennifer Lawrence and Robert Pattinson’s Hilarious Preparation for Steamy Sex Scenes!

    Meet the Cast of FX’s New Comedy ‘Adults’ – WFXG

    Meet the Cast of FX’s New Comedy ‘Adults’ – WFXG

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Aera Technology Debuts Decision Intelligence Skill to Navigate Shifting Tariff Dynamics Across Value Chains – Silicon Canals

    Unlocking Success: Aera Technology Launches Innovative Decision Intelligence Skill to Tackle Evolving Tariff Challenges in Value Chains

    Auditory Processing and Psychosocial Improvements with Remote Microphone Technology: An Evidence Review – The Hearing Review

    Unlocking Sound: How Remote Microphone Technology Enhances Auditory Processing and Boosts Psychosocial Well-Being

    Quadient and Nuvei Forge Strategic Technology Partnership – Finovate

    Quadient and Nuvei Forge Strategic Technology Partnership – Finovate

    Novotech Honored with Triple Win in 2025 Pharmaceutical Technology Excellence Awards – Morningstar

    Novotech Celebrates Triple Triumph at the 2025 Pharmaceutical Technology Excellence Awards!

    Experts Issue Warning on New TSA Technology – Men’s Journal

    Experts Sound Alarm Over New TSA Technology: What You Need to Know

    Cellino’s iPSC Manufacturing Technology Receives FDA Advanced Manufacturing Technology (AMT) Designation – Business Wire

    Cellino’s Groundbreaking iPSC Manufacturing Technology Earns FDA’s Advanced Manufacturing Designation!

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    San Jose eyes creation of entertainments zones with FIFA World Cup, Super Bowl LX on the horizon – The Mercury News

    San Jose Sets Its Sights on Exciting Entertainment Zones Ahead of FIFA World Cup and Super Bowl LX!

    Wilmington’s future of fun: 5 recreation and entertainment spaces planned in the Port City – Wilmington Star-News

    Exciting Developments Ahead: 5 New Recreation and Entertainment Spaces Coming to Wilmington!

    Jason Momoa Is Done With Peace in Apple’s ‘Chief of War’ Teaser – Yahoo

    Jason Momoa Embraces Chaos in Gripping Teaser for Apple’s ‘Chief of War’

    AI Entertainment Studio Promise Inks Deal With Google, Raises Investment from Michael Ovitz’s Crossbeam – The Hollywood Reporter

    AI Entertainment Studio Promise Secures Major Deal with Google and Attracts Investment from Michael Ovitz’s Crossbeam!

    Jennifer Lawrence and Robert Pattinson Did This “Humiliating” Thing to Prep for Sex Scenes – Yahoo

    Jennifer Lawrence and Robert Pattinson’s Hilarious Preparation for Steamy Sex Scenes!

    Meet the Cast of FX’s New Comedy ‘Adults’ – WFXG

    Meet the Cast of FX’s New Comedy ‘Adults’ – WFXG

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Aera Technology Debuts Decision Intelligence Skill to Navigate Shifting Tariff Dynamics Across Value Chains – Silicon Canals

    Unlocking Success: Aera Technology Launches Innovative Decision Intelligence Skill to Tackle Evolving Tariff Challenges in Value Chains

    Auditory Processing and Psychosocial Improvements with Remote Microphone Technology: An Evidence Review – The Hearing Review

    Unlocking Sound: How Remote Microphone Technology Enhances Auditory Processing and Boosts Psychosocial Well-Being

    Quadient and Nuvei Forge Strategic Technology Partnership – Finovate

    Quadient and Nuvei Forge Strategic Technology Partnership – Finovate

    Novotech Honored with Triple Win in 2025 Pharmaceutical Technology Excellence Awards – Morningstar

    Novotech Celebrates Triple Triumph at the 2025 Pharmaceutical Technology Excellence Awards!

    Experts Issue Warning on New TSA Technology – Men’s Journal

    Experts Sound Alarm Over New TSA Technology: What You Need to Know

    Cellino’s iPSC Manufacturing Technology Receives FDA Advanced Manufacturing Technology (AMT) Designation – Business Wire

    Cellino’s Groundbreaking iPSC Manufacturing Technology Earns FDA’s Advanced Manufacturing Designation!

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Technology

New Fog ransomware targets US education sector via breached VPNs

June 7, 2024
in Technology
New Fog ransomware targets US education sector via breached VPNs
Share on FacebookShare on Twitter

Fog

A new ransomware operation named ‘Fog’ launched in early May 2024, using compromised VPN credentials to breach the networks of educational organizations in the U.S.

Fog was discovered by Arctic Wolf Labs, which reported that the ransomware operation has not set up an extortion portal yet and was not observed stealing data.

However, BleepingComputer can confirm the ransomware gang steals data for double-extortion attacks, using the data as leverage to scare victims into paying.

VPNs for initial access

Fog’s operators accessed victim environments using compromised VPN credentials from at least two different VPN gateway vendors.

“In each of the cases investigated, forensic evidence indicated that threat actors were able to access victim environments by leveraging compromised VPN credentials,” explains Artic Wolf Labs.

“Notably, the remote access occurred through two separate VPN gateway vendors. The last documented threat activity in our cases occurred on May 23, 2024.”

Once they gain access to the internal network, the attackers perform “pass-the-hash” attacks on administrator accounts, which are used to establish RDP connections to Windows servers running Hyper-V.

Alternatively, credential stuffing is used to hijack valuable accounts, followed by PsExec deployment on multiple hosts.

On Windows servers, Fog operators disable Windows Defender to prevent notifications alerting the victim before the execution of the encrypter.

When the ransomware is deployed, it performs Windows API calls to gather information about the system, such as the number of available logical processors to allocate threads for a multi-threaded encryption routine.

Before starting the encryption, the ransomware terminates a list of processes and services based on a hardcoded list in its configuration.

The ransomware encrypts VMDK files in Virtual Machine (VM) storage and deletes backups from object storage in Veeam and Windows volume shadow copies to prevent easy restoration.

Encrypted files are appended the ‘.FOG’ or ‘.FLOCKED’ extension, though this can be set from the JSON-based configuration block to anything the operator wants.

Finally, a ransom note is created and dropped on impacted directories, providing instructions to the victims on paying for a decryption key that will help them get their files back.

From an attack seen by BleepingComputer, the ransom note is named readme.txt and contains a link to a Tor dark website used for negotiation. This site is a basic chat interface allowing the ransomware victim to negotiate a ransom demand with the threat actors and get a list of stolen files.

Fog ransom noteFog ransom note
Source: BleepingComputer

BleepingComputer can also confirm that the Tor negotiation site is the same for both the .FOG and .FLOCKED extensions, with ongoing attacks using either extension.

In an attack seen by BleepingComputer, the ransomware gang demanded hundreds of thousands to receive a decryptor and delete the stolen data. However, it is likely more for larger companies.

Arctic Wolf Labs says it is currently unclear if Fog operates as an open ransomware-as-a-service (RaaS) that accepts affiliates or if a small private circle of cybercriminals is behind it.

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : BleepingComputer – https://www.bleepingcomputer.com/news/security/new-fog-ransomware-targets-us-education-sector-via-breached-vpns/

Tags: Ransomwaretargetstechnology
Previous Post

New Gitloker attacks wipe GitHub repos in extortion scheme

Next Post

Ukraine says hackers abuse SyncThing data sync tool to steal data

The pan-tropical age distribution of regenerating tropical moist forest – Nature

Exploring the Age Diversity of Regenerating Tropical Moist Forests

May 22, 2025
Submerged in Science – eos.org

Exploring the Depths: Unveiling the Secrets of Submerged Science

May 22, 2025
Entertainment this Week: Public Tours at Science Center, Wildflower walk and more! – Sierra Sun

Explore Exciting Adventures: Join Public Tours at the Science Center, Discover Wildflower Walks, and More!

May 22, 2025
Bored with manicured lawns, some homeowners adopt No Mow May all year long – AP News

Embracing Nature: Why More Homeowners Are Ditching Manicured Lawns for Year-Round No Mow May

May 22, 2025
Another White House ambush sends a message to world leaders entering Donald Trump’s den – Australian Broadcasting Corporation

Trump’s Den: A Bold Message to World Leaders Amidst Another White House Ambush

May 22, 2025
I booked basic economy on JetBlue and got a premium coach seat. I’d only splurge on the $180 upgrade for long flights. – Business Insider

I booked basic economy on JetBlue and got a premium coach seat. I’d only splurge on the $180 upgrade for long flights. – Business Insider

May 22, 2025
Has The Curse of Oak Island Season 13 Been Canceled or Renewed – Yahoo

Is Season 13 of The Curse of Oak Island Canceled or Renewed? Find Out the Latest!

May 22, 2025
‘Pay now or pay greater later’: Mass. health centers CEO warns Medicaid cuts will lead to higher costs and strain to health system – CommonWealth Beacon

Urgent Warning: Medicaid Cuts Could Drive Up Healthcare Costs and Strain Our System

May 22, 2025
After Biden and Connolly, Some Democrats Wonder: Should Age and Term Limits Exist? – The New York Times

Should Age and Term Limits Be Implemented? A Growing Debate Among Democrats

May 22, 2025
Aera Technology Debuts Decision Intelligence Skill to Navigate Shifting Tariff Dynamics Across Value Chains – Silicon Canals

Unlocking Success: Aera Technology Launches Innovative Decision Intelligence Skill to Tackle Evolving Tariff Challenges in Value Chains

May 22, 2025

Categories

Archives

May 2025
MTWTFSS
 1234
567891011
12131415161718
19202122232425
262728293031 
« Apr    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (630)
  • Economy (643)
  • Entertainment (21,556)
  • General (15,226)
  • Health (9,684)
  • Lifestyle (648)
  • News (22,149)
  • People (646)
  • Politics (651)
  • Science (15,867)
  • Sports (21,153)
  • Technology (15,633)
  • World (633)

Recent News

The pan-tropical age distribution of regenerating tropical moist forest – Nature

Exploring the Age Diversity of Regenerating Tropical Moist Forests

May 22, 2025
Submerged in Science – eos.org

Exploring the Depths: Unveiling the Secrets of Submerged Science

May 22, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version