* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Monday, August 25, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    ‘When Calls the Heart’ Fans All Want the Same Thing After Seeing the Show’s Latest Update – yahoo.com

    When Calls the Heart’ Fans Rally Together in Excitement Over Exciting New Update!

    Quotes of the Week: Peacemaker, Project Runway, Countdown and More – yahoo.com

    This Week’s Most Memorable Quotes from Peacemaker, Project Runway, Countdown, and More!

    Drake Appears in Teaser for Bobbi Althoff’s New Podcast ‘Not This Again’ – yahoo.com

    Drake Drops a Surprise Cameo in Bobbi Althoff’s Thrilling New Podcast Teaser ‘Not This Again

    From polka to Poison, Corn Palace adjusts entertainment offerings with the times – Mitchell Republic

    From polka to Poison, Corn Palace adjusts entertainment offerings with the times – Mitchell Republic

    How to watch ‘F1: The Movie’ on Prime Video – About Amazon

    Experience the Thrill: How to Stream ‘F1: The Movie’ on Prime Video

    FOX One is now available on Prime Video: Here’s everything to know – About Amazon

    FOX One is now available on Prime Video: Here’s everything to know – About Amazon

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Figure Technology Solutions, Inc. Files Registration Statement for Proposed Initial Public Offering – Business Wire

    Figure Technology Solutions, Inc. Unveils Exciting Plans for Its Upcoming Initial Public Offering

    UNLV Responds to Workforce Need with Microcredential in Nuclear Technology – University of Nevada, Las Vegas | UNLV

    UNLV Unveils Cutting-Edge Microcredential Program to Fuel Growth in Nuclear Technology

    Why Technology Will Never Take Over Completely – Patheos

    Why Technology Will Never Completely Control Our Lives

    Alcorn State awarded grant to boost STEM with VR technology – WJTV

    Alcorn State Secures Grant to Transform STEM Education Through Cutting-Edge VR Technology

    Hyundai: The Only Way To Beat China Is To Embrace Technology – InsideEVs

    Hyundai’s Bold Strategy to Outpace China with Cutting-Edge Technology

    Teaching older adults how to use technology – WWNY

    Empowering Older Adults to Master Technology with Confidence

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    ‘When Calls the Heart’ Fans All Want the Same Thing After Seeing the Show’s Latest Update – yahoo.com

    When Calls the Heart’ Fans Rally Together in Excitement Over Exciting New Update!

    Quotes of the Week: Peacemaker, Project Runway, Countdown and More – yahoo.com

    This Week’s Most Memorable Quotes from Peacemaker, Project Runway, Countdown, and More!

    Drake Appears in Teaser for Bobbi Althoff’s New Podcast ‘Not This Again’ – yahoo.com

    Drake Drops a Surprise Cameo in Bobbi Althoff’s Thrilling New Podcast Teaser ‘Not This Again

    From polka to Poison, Corn Palace adjusts entertainment offerings with the times – Mitchell Republic

    From polka to Poison, Corn Palace adjusts entertainment offerings with the times – Mitchell Republic

    How to watch ‘F1: The Movie’ on Prime Video – About Amazon

    Experience the Thrill: How to Stream ‘F1: The Movie’ on Prime Video

    FOX One is now available on Prime Video: Here’s everything to know – About Amazon

    FOX One is now available on Prime Video: Here’s everything to know – About Amazon

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Figure Technology Solutions, Inc. Files Registration Statement for Proposed Initial Public Offering – Business Wire

    Figure Technology Solutions, Inc. Unveils Exciting Plans for Its Upcoming Initial Public Offering

    UNLV Responds to Workforce Need with Microcredential in Nuclear Technology – University of Nevada, Las Vegas | UNLV

    UNLV Unveils Cutting-Edge Microcredential Program to Fuel Growth in Nuclear Technology

    Why Technology Will Never Take Over Completely – Patheos

    Why Technology Will Never Completely Control Our Lives

    Alcorn State awarded grant to boost STEM with VR technology – WJTV

    Alcorn State Secures Grant to Transform STEM Education Through Cutting-Edge VR Technology

    Hyundai: The Only Way To Beat China Is To Embrace Technology – InsideEVs

    Hyundai’s Bold Strategy to Outpace China with Cutting-Edge Technology

    Teaching older adults how to use technology – WWNY

    Empowering Older Adults to Master Technology with Confidence

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Technology

New Fog ransomware targets US education sector via breached VPNs

June 7, 2024
in Technology
New Fog ransomware targets US education sector via breached VPNs
Share on FacebookShare on Twitter

Fog

A new ransomware operation named ‘Fog’ launched in early May 2024, using compromised VPN credentials to breach the networks of educational organizations in the U.S.

Fog was discovered by Arctic Wolf Labs, which reported that the ransomware operation has not set up an extortion portal yet and was not observed stealing data.

However, BleepingComputer can confirm the ransomware gang steals data for double-extortion attacks, using the data as leverage to scare victims into paying.

VPNs for initial access

Fog’s operators accessed victim environments using compromised VPN credentials from at least two different VPN gateway vendors.

“In each of the cases investigated, forensic evidence indicated that threat actors were able to access victim environments by leveraging compromised VPN credentials,” explains Artic Wolf Labs.

“Notably, the remote access occurred through two separate VPN gateway vendors. The last documented threat activity in our cases occurred on May 23, 2024.”

Once they gain access to the internal network, the attackers perform “pass-the-hash” attacks on administrator accounts, which are used to establish RDP connections to Windows servers running Hyper-V.

Alternatively, credential stuffing is used to hijack valuable accounts, followed by PsExec deployment on multiple hosts.

On Windows servers, Fog operators disable Windows Defender to prevent notifications alerting the victim before the execution of the encrypter.

When the ransomware is deployed, it performs Windows API calls to gather information about the system, such as the number of available logical processors to allocate threads for a multi-threaded encryption routine.

Before starting the encryption, the ransomware terminates a list of processes and services based on a hardcoded list in its configuration.

The ransomware encrypts VMDK files in Virtual Machine (VM) storage and deletes backups from object storage in Veeam and Windows volume shadow copies to prevent easy restoration.

Encrypted files are appended the ‘.FOG’ or ‘.FLOCKED’ extension, though this can be set from the JSON-based configuration block to anything the operator wants.

Finally, a ransom note is created and dropped on impacted directories, providing instructions to the victims on paying for a decryption key that will help them get their files back.

From an attack seen by BleepingComputer, the ransom note is named readme.txt and contains a link to a Tor dark website used for negotiation. This site is a basic chat interface allowing the ransomware victim to negotiate a ransom demand with the threat actors and get a list of stolen files.

Fog ransom noteFog ransom note
Source: BleepingComputer

BleepingComputer can also confirm that the Tor negotiation site is the same for both the .FOG and .FLOCKED extensions, with ongoing attacks using either extension.

In an attack seen by BleepingComputer, the ransomware gang demanded hundreds of thousands to receive a decryptor and delete the stolen data. However, it is likely more for larger companies.

Arctic Wolf Labs says it is currently unclear if Fog operates as an open ransomware-as-a-service (RaaS) that accepts affiliates or if a small private circle of cybercriminals is behind it.

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : BleepingComputer – https://www.bleepingcomputer.com/news/security/new-fog-ransomware-targets-us-education-sector-via-breached-vpns/

Tags: Ransomwaretargetstechnology
Previous Post

New Gitloker attacks wipe GitHub repos in extortion scheme

Next Post

Ukraine says hackers abuse SyncThing data sync tool to steal data

Dengue – World Health Organization (WHO)

Dengue – World Health Organization (WHO)

August 25, 2025
5 Years On, China’s Property Crisis Has No End in Sight – The New York Times

Five Years Later, China’s Property Crisis Shows No Signs of Easing

August 25, 2025
‘When Calls the Heart’ Fans All Want the Same Thing After Seeing the Show’s Latest Update – yahoo.com

When Calls the Heart’ Fans Rally Together in Excitement Over Exciting New Update!

August 25, 2025
State regulators approve sharp health insurance rate increases – Insurance Business America

State Regulators Greenlight Steep Health Insurance Rate Hikes

August 25, 2025
Pols & Politics: Audit finds Mass. government fraudulent spending nearly doubled in Q4 – Boston Herald

Pols & Politics: Audit finds Mass. government fraudulent spending nearly doubled in Q4 – Boston Herald

August 25, 2025
Eightmile Dam rebuild & restoration – Washington State Department of Ecology (.gov)

Breathing New Life into Eightmile Dam: An Ambitious Rebuild and Restoration Effort

August 24, 2025
Scientists Sequenced the DNA of the ‘Last Neanderthal’—and It Alters Human History – yahoo.com

Scientists Unlock the DNA of the ‘Last Neanderthal,’ Revolutionizing Our View of Human History

August 24, 2025
RIKEN, Japan’s Leading Science Institute, Taps Fujitsu and NVIDIA for Next Flagship Supercomputer – NVIDIA Blog

Japan’s Leading Science Institute Teams Up with Fujitsu and NVIDIA to Create Next-Generation Supercomputer

August 24, 2025
Is a relief rally coming for Equity LifeStyle Properties Inc. holders – July 2025 Retail & Weekly High Return Opportunities – Newser

Is a relief rally coming for Equity LifeStyle Properties Inc. holders – July 2025 Retail & Weekly High Return Opportunities – Newser

August 24, 2025
Figure Technology Solutions, Inc. Files Registration Statement for Proposed Initial Public Offering – Business Wire

Figure Technology Solutions, Inc. Unveils Exciting Plans for Its Upcoming Initial Public Offering

August 24, 2025

Categories

Archives

August 2025
MTWTFSS
 123
45678910
11121314151617
18192021222324
25262728293031
« Jul    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (788)
  • Economy (809)
  • Entertainment (21,688)
  • General (16,657)
  • Health (9,849)
  • Lifestyle (821)
  • News (22,149)
  • People (810)
  • Politics (818)
  • Science (16,020)
  • Sports (21,307)
  • Technology (15,789)
  • World (790)

Recent News

Dengue – World Health Organization (WHO)

Dengue – World Health Organization (WHO)

August 25, 2025
5 Years On, China’s Property Crisis Has No End in Sight – The New York Times

Five Years Later, China’s Property Crisis Shows No Signs of Easing

August 25, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version