Today > | 2 Medium vulnerabilities   -   You can now download lists of IOCs here!

Fog Ransomware – Technical Analysis

Oct. 21, 2024, 11:24 a.m.

Description

A new ransomware called Fog has been identified, affecting education and recreation centers in the United States. The threat actors gain access through compromised VPN credentials, disable Windows Defender, and deploy the ransomware. Fog is a 32-bit EXE file compiled using Microsoft Visual C/C++. It uses debug messages, dynamically loads APIs, and decrypts its configuration from JSON format. The ransomware operates as a multi-threading application, encrypting files and dropping ransom notes in each directory. It utilizes Windows CryptoAPI for cryptographic operations, stops specific services, terminates blacklisted processes, and removes backups. Fog also employs various MITRE ATT&CK techniques for execution, discovery, defense evasion, and impact.

Date

Published: Oct. 21, 2024, 11:02 a.m.

Created: Oct. 21, 2024, 11:02 a.m.

Modified: Oct. 21, 2024, 11:24 a.m.

Indicators

e67260804526323484f564eebeb6c99ed021b960b899ff788aed85bb7a9d75c3

Attack Patterns

Fog Ransomware

Fog Ransomware

T1135

T1490

T1059.003

T1562.001

T1489

T1486

T1083

T1059

Additional Informations

Education

United States of America