
Not much is known about the threat actors behind the new ransomware variant called Fog. So far, only US organizations have been affected, mainly educational institutions.
Arctic Wolf Labs has been tracking the spread of a new ransomware variant called Fog since early May 2024. In several cases, the Arctic Wolf Incident Response (IR) team has observed ransomware activity that shared similar characteristics. All affected organizations are located in the United States.
Key findings about Fog:
- The threat actors behind Fog Ransomware use credential abuse, but deviate from the usual approach of most ransomware attacks.
- They appear to be more focused on quick payouts than on long-term, strategic attacks.
- Although cyberattacks on educational institutions usually peak at the beginning of the semester or school year, most of the organizations affected by Fog ransomware are in the education sector (80%), while the other 20 percent are in the leisure sector.
About Arctic Wolf
Arctic Wolf is a global leader in security operations, providing the first cloud-native security operations platform to mitigate cyber risk. Based on threat telemetry spanning endpoint, network and cloud sources, the Arctic Wolf® Security Operations Cloud analyzes more than 1.6 trillion security events per week worldwide. It provides business-critical insights into almost all security use cases and optimizes customers' heterogeneous security solutions. The Arctic Wolf platform is used by more than 2,000 customers worldwide. It provides automated threat detection and response, enabling organizations of all sizes to set up world-class security operations at the push of a button.