Arctic Wolf Labs recently uncovered a novel ransomware variant dubbed Fog during its latest research into cyberattacks targeting organizations within the education sector. The perpetrators are focusing their efforts primarily on organizations based in the United States, with a smaller share of attacks directed at recreational sectors such as wellness and fitness.
Fog is file-encrypting malware. Those behind its distribution operate covertly and are likely affiliated with a ransomware-as-a-service operation. Security researchers investigating Fog have determined that the perpetrators gain initial access by using compromised VPN credentials to infiltrate networks. Network administrators overseeing educational sector networks should therefore remain vigilant regarding the tactics employed by those spreading the Fog ransomware and take proactive measures to mitigate the risk in real time.
In a separate incident, the TellYouThePass ransomware group, operational since 2019, has been found exploiting a PHP bug tracked as CVE-2024-4577, despite the availability of a fix that patches the vulnerability.
According to findings by researchers from Imperva, the TellYouThePass criminals exploit the flaw on Windows PHP systems to upload web shells, which ultimately leads to the deployment of the ransomware.
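Because the chain described above runs through a dropped web shell, one practical defensive check is to scan the web root for recently modified PHP files in which attacker-controlled request input flows into a code-execution sink. The script below is an added example written for this page, not code from Arctic Wolf, Imperva or the TellYouThePass report; the indicator patterns, file extensions, the seven-day recency window and the two sample PHP snippets are all assumptions chosen for illustration.

```python
import re
import time
from pathlib import Path

# Heuristic indicators of a PHP web shell. A file is flagged only when both
# kinds are present: a source of attacker-controlled input and a sink that
# executes it. These patterns are illustrative heuristics (an assumption for
# this example), not a complete web shell signature set.
INPUT_SOURCES = re.compile(r"\$_(GET|POST|REQUEST|COOKIE|SERVER)\s*\[", re.I)
EXEC_SINKS = re.compile(
    r"\b(eval|assert|system|shell_exec|passthru|exec|popen|proc_open|"
    r"create_function)\s*\(",
    re.I,
)
OBFUSCATION = re.compile(
    r"\b(base64_decode|gzinflate|str_rot13|gzuncompress)\s*\(", re.I
)
PHP_SUFFIXES = {".php", ".phtml", ".php5", ".phar"}  # assumed set


def classify_php_source(src: str) -> dict:
    """Return which indicator classes appear in a PHP source string and
    whether the combination crosses the flagging threshold."""
    sources = sorted({m.group(1).upper() for m in INPUT_SOURCES.finditer(src)})
    sinks = sorted({m.group(1).lower() for m in EXEC_SINKS.finditer(src)})
    obfus = sorted({m.group(1).lower() for m in OBFUSCATION.finditer(src)})
    return {
        "sources": sources,
        "sinks": sinks,
        "obfuscation": obfus,
        "suspicious": bool(sources) and bool(sinks),
    }


def scan_webroot(root, max_age_seconds=7 * 24 * 3600, now=None):
    """Walk a web root for PHP files modified within max_age_seconds and
    return (path, classification) pairs for files that look like web shells.
    Recency matters because a dropped shell is usually far newer than the
    application code around it."""
    now = time.time() if now is None else now
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in PHP_SUFFIXES:
            continue
        if now - path.stat().st_mtime > max_age_seconds:
            continue  # older than the window: not a recent drop
        try:
            src = path.read_text(errors="replace")
        except OSError:
            continue
        verdict = classify_php_source(src)
        if verdict["suspicious"]:
            findings.append((str(path), verdict))
    return findings


# Constructed sample sources for demonstration (not real malware): a
# one-line shell pattern and a benign page that echoes request input safely.
SAMPLE_SHELL = "<?php @eval(base64_decode($_POST['c'])); ?>"
SAMPLE_BENIGN = "<?php echo htmlspecialchars($_GET['name'] ?? 'guest'); ?>"

if __name__ == "__main__":
    import sys

    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for found_path, verdict in scan_webroot(root):
        print(found_path, verdict)
```

Run it against the document root of a PHP host (for example `python scan.py /var/www/html`); a hit means a file modified in the last week that reads request parameters and passes something to an execution function, which is worth a manual look. The source-plus-sink rule keeps ordinary pages that merely read `$_GET` out of the results, while the obfuscation list is reported but not required, since real shells are often encoded and benign code rarely decodes request input before executing it.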
In both instances, the perpetrators demand ransom payments in double-digit cryptocurrency amounts.
Law enforcement agencies strongly discourage victims from paying the ransom, as there is no guarantee of receiving the decryption key, nor any assurance from the criminals that they will refrain from leaking stolen data online.
Therefore, in the event of a double or triple extortion attack, it is advisable to contact law enforcement agencies and to recover encrypted data from backups.