Skip to content
Fog Ransomware
Under attack by ransomware or suffering a cyber breach?
Speed is critical when facing a live cyber attack. If you believe you’ve been compromised, by the Fog ransomware group or another threat actor - contact us immediately.
About Fog ransomware group
Emerging in early 2024, Fog has rapidly established itself as a disruptive ransomware group, known for its advanced encryption methods and aggressive extortion tactics. After gaining initial access, often via phishing, stolen credentials, or unpatched vulnerabilities, Fog quickly encrypts critical data across the affected organisation’s systems.
Once the attack is complete, victims are presented with a ransom note demanding payment, typically in cryptocurrency, in exchange for decryption keys and a promise not to leak the stolen data.
What we can help with:
- Encrypted files & ransomware data recovery
- Incident response and containment
- Secure data restoration and system recovery
- Use of ransomware decryption tools and data recovery software
- Development of incident response plans and disaster recovery solutions
- Post-incident reviews and security hardening
Request a call back
If your organisation has been infected with ransomware contact us immediately.
How Fog operators work
First detected in May 2024, Fog is a highly organised ransomware operation that initially targeted educational institutions but has since broadened its reach across multiple sectors. Although its origins remain unclear, cyber security analysts have noted striking similarities between Fog and previous sophisticated groups, hinting at possible links to experienced threat actors.
Fog attackers typically begin with compromised VPN credentials, phishing emails, or infiltration via software supply chains, enabling initial access to victim networks. Once inside, the attackers move quickly to exfiltrate sensitive information and deploy ransomware that leaves systems paralysed with encrypted files. These operations frequently involve data theft, with victims subjected to double extortion tactics: pay the ransom or face the public release of stolen data.
Given its rapid emergence and bold tactics, security leaders are treating Fog as a significant threat. Organisations are being urged to bolster their defences and incident response capabilities to mitigate the growing risk of ransomware attacks linked to this evolving threat group.
We are equipped to deal with an attack from any ransomware group.
Don’t hesitate to contact us if you are under attack from a ransomware group not listed above.
Recognising a Fog attack
Fog ransomware attacks operate using a double extortion model, which is common in most ransomware attacks. This means it not only encrypts data but also steals sensitive information to maximise pressure on victims.
After gaining initial access, fog actors move rapidly to exploit system vulnerabilities and disable security tools, making detection and recovery significantly harder. They then encrypt critical systems and exfiltrate data. In some cases, they have used legitimate employee monitoring software to maintain persistence, evade defences, or monitor user activity before deploying the ransomware payload.
To prevent ransomware attacks like those carried out by Fog, organisations should invest in robust threat intelligence and continuous monitoring to detect unusual behaviour early. There have also been reports of Fog launching distributed denial-of-service (DDoS) attacks against victims who refuse to pay, further increasing the pressure and urgency of the ransom demand.
Why you must not interfere with your ransomware environment
If you discover a physical break-in at your offices, your first instinct would be to call the police; touch nothing and let them search for clues. Then, your focus would shift to restoring business operations.
A cyber-attack requires the same approach. Your digital environment is a CRIME SCENE. It is crucial to leave the environment untouched to allow for a forensic investigation.
This is not a task for your IT team or MSP. Digital Forensic specialists are available 24/7 to assist you, just like in a physical crime.
| description | Sector | Date Discovered | Attack Date | Country | Screenshot |
|---|---|---|---|---|---|
| [AI generated] Newtown Friends School is a private, co-educational day school located in Newtown, Pennsylvania. It offers high-standard education to students from preschool to grade 8. The school, established by Quakers in 1948, upholds Quaker values and aims to cultivate students' intellectual, ethical, and spiritual growth. They have a curriculum regionally recognized for its rigor and creativity, serving around 250 students. | Education | 20/03/2025 02:02 PM | 20/03/2025 12:00 AM | US | View |
| <1 GB | Education | 17/03/2025 02:54 PM | 17/03/2025 12:00 AM | ES | View |
| 28.1 GB | Healthcare | 13/03/2025 05:28 AM | 13/03/2025 12:00 AM | US | View |
| 111 GB | Education | 13/03/2025 01:00 AM | 12/03/2025 12:00 AM | View | |
| 57 GB | Not Found | 11/03/2025 01:28 AM | 10/03/2025 12:00 AM | View | |
| 54.6 GB | Healthcare | 10/03/2025 11:55 PM | 10/03/2025 12:00 AM | US | View |
| 27.7 GB | Education | 06/03/2025 03:52 PM | 06/03/2025 12:00 AM | US | View |
| 33 GB | Telecommunication | 06/03/2025 12:43 PM | 06/03/2025 12:00 AM | US | View |
| Extract from The 19 biggest gitlabs | Technology | 06/03/2025 02:10 AM | 05/03/2025 12:00 AM | DE | View |
| Extract from The 19 biggest gitlabs | Not Found | 06/03/2025 02:09 AM | 05/03/2025 12:00 AM | IT | View |
| Extract from The 19 biggest gitlabs | Not Found | 06/03/2025 02:07 AM | 05/03/2025 12:00 AM | US | View |
| Extract from The 19 biggest gitlabs | Not Found | 06/03/2025 02:06 AM | 05/03/2025 12:00 AM | View | |
| Extract from The 19 biggest gitlabs | Education | 06/03/2025 02:04 AM | 05/03/2025 12:00 AM | CH | View |
| Extract from The 19 biggest gitlabs | Not Found | 06/03/2025 02:03 AM | 05/03/2025 12:00 AM | MY | View |
| Extract from The 19 biggest gitlabs | Not Found | 06/03/2025 02:01 AM | 01/02/2025 07:04 PM | CZ | View |
| Extract from The 19 biggest gitlabs | Technology | 06/03/2025 01:59 AM | 05/03/2025 12:00 AM | View | |
| Extract from The 19 biggest gitlabs | Not Found | 06/03/2025 01:58 AM | 05/03/2025 12:00 AM | DE | View |
| Extract from The 19 biggest gitlabs | Not Found | 06/03/2025 01:56 AM | 05/03/2025 12:00 AM | DE | View |
| Extract from The 19 biggest gitlabs | Technology | 06/03/2025 01:55 AM | 05/03/2025 12:00 AM | US | View |
| Extract from The 19 biggest gitlabs | Not Found | 06/03/2025 01:53 AM | 05/03/2025 12:00 AM | BE | View |
| Extract from The 19 biggest gitlabs | Technology | 06/03/2025 01:52 AM | 05/03/2025 12:00 AM | ES | View |
| Extract from The 19 biggest gitlabs | Not Found | 06/03/2025 01:50 AM | 05/03/2025 12:00 AM | RU | View |
| Extract from The 19 biggest gitlabs | Not Found | 06/03/2025 01:49 AM | 20/12/2021 12:00 AM | TH | View |
| Extract from The 19 biggest gitlabs | Not Found | 06/03/2025 01:47 AM | 05/03/2025 12:00 AM | View | |
| Extract from The 19 biggest gitlabs | Technology | 06/03/2025 01:46 AM | 05/03/2025 12:00 AM | DE | View |
| Extract from The 19 biggest gitlabs | Technology | 06/03/2025 01:44 AM | 05/03/2025 12:00 AM | BE | View |
| Extract from The 19 biggest gitlabs | Public Sector | 06/03/2025 01:42 AM | 12/07/2023 09:24 PM | US | View |
| Technology | 05/03/2025 11:55 PM | 05/03/2025 12:00 AM | View | ||
| 92.5 GB | Business Services | 05/03/2025 05:53 PM | 05/03/2025 12:00 AM | US | View |
| 36.3 GB | Consumer Services | 04/03/2025 04:30 PM | 04/03/2025 12:00 AM | BR | View |
| 88.3 GB | Manufacturing | 04/03/2025 03:02 PM | 04/03/2025 12:00 AM | BR | View |
| 23.5 GB | Manufacturing | 03/03/2025 12:57 PM | 03/03/2025 12:00 AM | US | View |
| 2.2 GB | Manufacturing | 03/03/2025 12:55 PM | 03/03/2025 12:00 AM | US | View |
| [AI generated] It seems there is a bit of confusion in the request as GitLab, Synelixis Solutions, INGV (National Institute of Geophysics and Volcanology), and VMO Holdings appear to be separate entities. GitLab is a web-based DevOps tool that provides a platform for software development and version control. Synelixis Solutions is an IT company specializing in hardware and software solutions. INGV deals with research in geophysics and volcanology. VMO Holdings is a private holding company. | Technology | 26/02/2025 09:56 PM | 26/02/2025 12:00 AM | View | |
| Extract from Gitlabs: Naphix, WDNA, Bayteq - Bayteq is a technology partner specializing in software development, staff augmentation, robotic process automation, UX/UI design, and innovation consulting, delivering personalized digital solutions to businesses. | Technology | 23/02/2025 06:47 PM | 23/02/2025 12:00 AM | EC | View |
| Extract from Gitlabs: Naphix, WDNA, Bayteq - WDNA (Wireless Domestic Network Auditors) is a Spanish business group with an international presence, developing innovative technologies and specialized solutions in network monitoring and auditing, advanced meteorology, and IoT monitoring of critical infrastructures, integrated into their entro© platform. | Technology | 23/02/2025 06:47 PM | 23/02/2025 12:00 AM | ES | View |
| Extract from Gitlabs: Naphix, WDNA, Bayteq - gitlab | Technology | 23/02/2025 06:46 PM | 23/02/2025 12:00 AM | AU | View |
| 23/02/2025 06:22 PM | 23/02/2025 12:00 AM | View | |||
| Extract from Gitlabs: Next TI, VISEO, Hochschule Trier - Hochschule Trier is a German university of applied sciences offering a wide range of practice-oriented programs and conducting forward-looking research across its main campus and specialized campuses for design and environmental studies. | Education | 19/02/2025 03:01 PM | 28/09/2023 09:22 AM | DE | View |
| Extract from Gitlabs: Next TI, VISEO, Hochschule Trier - VISEO is a global technology company offering digital transformation services, including customer experience, modern ERP cloud systems, supply chain management, finance transformation, custom development, and data analytics & AI, to help businesses optimize processes and enhance customer interactions. | Technology | 19/02/2025 03:01 PM | 19/02/2025 12:00 AM | FR | View |
| Extract from Gitlabs: Next TI, VISEO, Hochschule Trier: Next TI is an Indonesian IT solutions company specializing in financial digital platforms for banking and multifinance industries, supported by South Korea's Hana Financial Group. | Technology | 19/02/2025 02:54 PM | 19/02/2025 12:00 AM | ID | View |
| 29,2 GB | Hospitality and Tourism | 19/02/2025 11:52 AM | 19/02/2025 12:00 AM | US | View |
| 19/02/2025 08:46 AM | 19/02/2025 12:00 AM | View | |||
| 7.6 GB | Education | 17/02/2025 02:21 PM | 17/02/2025 12:00 AM | US | View |
| Extract from Gitlabs: Acqua development, QBurst, Pamyra.de- Pamyra.de is a platform that allows users to compare prices and book shipping services with over 600 verified freight companies. | Not Found | 16/02/2025 11:05 AM | 16/02/2025 11:05 AM | DE | View |
| Extract from Gitlabs: Acqua development, QBurst, Pamyra.de- QBurst is a full-service software development company offering services in cloud enablement, data and AI, digitalization, and more. | Technology | 16/02/2025 11:04 AM | 16/02/2025 11:04 AM | IN | View |
| Extract from Gitlabs: Acqua development, QBurst, Pamyra.de | Not Found | 16/02/2025 11:04 AM | 16/02/2025 11:04 AM | RO | View |
| [AI generated] Gitlabs: Acqua development, QBurst, Pamyra.de refers to a combination of several tech companies. GitLab, a web-based DevOps lifecycle tool that provides a Git-repository manager, is pivotal. Acqua Development creates personalized software solutions, while QBurst provides development services across digital platforms. Pamyra.de, on the other hand, is a German online shipping price comparison portal, focusing on courier, express and parcel services. | 16/02/2025 08:37 AM | 16/02/2025 12:00 AM | View | ||
| Extract from Gitlabs: Omydoo, Ayomi, ADULLACT- ADULLACT is a French association that develops and promotes a repository of free software for local authorities and administrations. | Technology | 13/02/2025 09:12 PM | 13/02/2025 09:12 PM | FR | View |
| Extract from Gitlabs: Omydoo, Ayomi, ADULLACT- Ayomi is a French platform that assists entrepreneurs in financing their businesses. | Not Found | 13/02/2025 09:11 PM | 13/02/2025 09:11 PM | FR | View |
| Extract from Gitlabs: Omydoo, Ayomi, ADULLACT - Omydoo is a French company specializing in implementing integrated management software solutions for SMEs using the open-source ERP Odoo. | Not Found | 13/02/2025 09:11 PM | 13/02/2025 09:11 PM | FR | View |
| Not Found | 13/02/2025 09:03 PM | 13/02/2025 12:00 AM | View | ||
| 72.2 | Healthcare | 13/02/2025 05:05 PM | 13/02/2025 12:00 AM | ES | View |
| Extract from Gitlabs: INGV, Spacemanic, Squeezer-software | Technology | 12/02/2025 05:18 PM | 12/02/2025 05:18 PM | - | |
| Extract from Gitlabs: INGV, Spacemanic, Squeezer-softwareSpacemanic is a Czech start-up that provides innovative nanosatellite solutions and CubeSat components, offering services from design and development to launch and ground station support. | Technology | 12/02/2025 05:18 PM | 12/02/2025 05:18 PM | CZ | - |
| Extract from Gitlabs: INGV, Spacemanic, Squeezer-software - The Istituto Nazionale di Geofisica e Vulcanologia (INGV) is an Italian research institution specializing in geophysics and volcanology, focusing on monitoring and studying seismic and volcanic activities. | Not Found | 12/02/2025 05:18 PM | 12/02/2025 05:17 PM | IT | - |
| [AI generated] Gitlabs: INGV, Spacemanic, Squeezer-software is a conglomerate of three diverse specialty companies. INGV, the Italian National Institute for Geophysics and Volcanology, focuses on scientific research in earth sciences. Spacemanic is a Slovak company specializing in the production of small and nano-satellites. Squeezer offers a decentralized platform for multi-cloud and blockchain deployment, aiding developers in cloud apps production. | Technology | 12/02/2025 04:57 PM | 12/02/2025 12:00 AM | US | View |
| 6.5 GB | Manufacturing | 12/02/2025 01:18 PM | 12/02/2025 12:00 AM | DE | View |
| 5 GB | Education | 11/02/2025 05:35 PM | 11/02/2025 12:00 AM | CL | View |
| 171 GB | Education | 11/02/2025 04:24 PM | 11/02/2025 12:00 AM | US | View |
| 62 GB | Education | 11/02/2025 02:55 PM | 11/02/2025 12:00 AM | AU | View |
| Extract from Gitlabs: Universitatea Politehnica din Bucuresti, Maxvy Technologies Pvt, iRidge Inc. | Technology | 09/02/2025 06:45 PM | 09/02/2025 06:45 PM | JP | View |
| Extract from Gitlabs: Universitatea Politehnica din Bucuresti, Maxvy Technologies Pvt, iRidge Inc. | Technology | 09/02/2025 06:44 PM | 09/02/2025 06:44 PM | IN | View |
| Extract from Gitlabs: Universitatea Politehnica din Bucuresti, Maxvy Technologies Pvt, iRidge Inc. | Education | 09/02/2025 06:44 PM | 09/02/2025 06:44 PM | RO | View |
| 09/02/2025 11:38 AM | 09/02/2025 12:00 AM | View | |||
| Extract from Gitlabs: Chalmers tekniska högskola, Fligno, 3SS | Technology | 07/02/2025 11:45 PM | 07/02/2025 11:45 PM | DE | - |
| Extract from Gitlabs: Chalmers tekniska högskola, Fligno, 3SS | Technology | 07/02/2025 11:45 PM | 07/02/2025 11:45 PM | NO | - |
| Extract from Gitlabs: Chalmers tekniska högskola, Fligno, 3SS | Education | 07/02/2025 11:45 PM | 07/02/2025 11:45 PM | SE | - |
| Not Found | 07/02/2025 09:40 PM | 07/02/2025 12:00 AM | View | ||
| Extract from Gitlabs: eConceptions, Top Systems, DIEM | Not Found | 06/02/2025 07:59 AM | 06/02/2025 07:59 AM | IT | - |
| Extract from Gitlabs: eConceptions, Top Systems, DIEM | Technology | 06/02/2025 07:59 AM | 06/02/2025 07:59 AM | BR | - |
| Extract from Gitlabs: eConceptions, Top Systems, DIEM | Not Found | 06/02/2025 07:58 AM | 06/02/2025 07:58 AM | PK | - |
| Technology | 06/02/2025 07:54 AM | 06/02/2025 12:00 AM | View | ||
| Extract from Gitlabs: Prasaga, HE2B, Kombinat | Not Found | 04/02/2025 09:28 PM | 30/01/2025 12:00 AM | AT | View |
| Extract from Gitlabs: Prasaga, HE2B, Kombinat | Not Found | 04/02/2025 09:28 PM | 30/01/2025 12:00 AM | BE | View |
| Extract from Gitlabs: Prasaga, HE2B, Kombinat | Technology | 04/02/2025 09:28 PM | 30/01/2025 12:00 AM | US | View |
| Extract from Gitlabs: Professional Computer, X-Pans, Propulsion Academy AG | Education | 04/02/2025 09:18 PM | 31/01/2025 12:00 AM | CH | View |
| Extract from Gitlabs: Professional Computer, X-Pans, Propulsion Academy AG | Not Found | 04/02/2025 09:18 PM | 31/01/2025 12:00 AM | FR | View |
| Extract from Gitlabs: Professional Computer, X-Pans, Propulsion Academy AG | Technology | 04/02/2025 09:18 PM | 31/01/2025 12:00 AM | TH | View |
| Extract from Gitlabs: PT. ITPRENEUR INDONESIA TECHNOLOGY, GFZ Helmholtz Centre for Geosciences, LUA Coffee | Consumer Services | 04/02/2025 09:13 PM | 01/02/2025 12:00 AM | ID | View |
| Extract from Gitlabs: PT. ITPRENEUR INDONESIA TECHNOLOGY, GFZ Helmholtz Centre for Geosciences, LUA Coffee | Public Sector | 04/02/2025 09:12 PM | 01/02/2025 12:00 AM | DE | View |
| Extract from Gitlabs: PT. ITPRENEUR INDONESIA TECHNOLOGY, GFZ Helmholtz Centre for Geosciences, LUA Coffee | Technology | 04/02/2025 09:12 PM | 01/02/2025 12:00 AM | ID | View |
| Extract from Gitlabs: hemio.de, SOLEIL, Devlion | Not Found | 04/02/2025 09:10 PM | 04/02/2025 09:09 PM | IL | View |
| Extract from Gitlabs: hemio.de, SOLEIL, Devlion | Not Found | 04/02/2025 09:09 PM | 04/02/2025 09:08 PM | FR | View |
| Extract from Gitlabs: hemio.de, SOLEIL, Devlion | Technology | 04/02/2025 09:07 PM | 04/02/2025 09:06 PM | DE | View |
| Extract from Gitlabs: Bolin Centre for Climate Research, X-lab group, Madia | Business Services | 04/02/2025 09:05 PM | 03/02/2025 12:00 AM | NL | View |
| Extract from Gitlabs: Bolin Centre for Climate Research, X-lab group, Madia | Not Found | 04/02/2025 09:04 PM | 03/02/2025 12:00 AM | EG | View |
| Extract from Gitlabs: Bolin Centre for Climate Research, X-lab group, Madia | Education | 04/02/2025 09:02 PM | 03/02/2025 12:00 AM | SE | View |
| Technology | 04/02/2025 08:19 PM | 04/02/2025 08:18 PM | DE | View | |
| Technology | 03/02/2025 07:07 PM | 03/02/2025 07:06 PM | View | ||
| 1.5 TB | Energy | 03/02/2025 04:27 PM | 03/02/2025 04:26 PM | TR | View |
| Technology | 01/02/2025 10:15 PM | 01/02/2025 10:14 PM | ID | View | |
| Technology, Not Found, Education | 30/01/2025 08:59 PM | 30/01/2025 08:58 PM | CH | View | |
| Technology | 29/01/2025 11:28 PM | 29/01/2025 11:27 PM | US | View | |
| 180 GB | Business Services | 29/01/2025 11:59 AM | 29/01/2025 11:58 AM | US | View |
| 20 GB | Education | 24/01/2025 12:34 PM | 24/01/2025 12:33 PM | US | View |
| 13 GB | Manufacturing | 24/01/2025 12:01 PM | 24/01/2025 12:01 PM | IT | - |
| 25.7 GB | Transportation/Logistics | 23/01/2025 05:38 PM | 23/01/2025 05:36 PM | NL | View |
| 91 MB | Education | 14/01/2025 12:31 PM | 14/01/2025 12:30 PM | US | - |
| 15 GB | Technology | 14/01/2025 12:30 PM | 14/01/2025 12:29 PM | US | - |
| 1.7 GB | Retail | 14/01/2025 12:29 PM | 14/01/2025 12:27 PM | US | - |
| 7.2 GB | Transportation/Logistics | 10/01/2025 12:20 PM | 10/01/2025 12:19 PM | US | View |
| 16.8 GB | Not Found | 07/01/2025 08:17 PM | 07/01/2025 08:16 PM | BE | View |
| 14.3 GB | Hospitality and Tourism | 26/12/2024 08:18 PM | 26/12/2024 12:00 AM | US | View |
| 35 GB | Business Services | 25/12/2024 05:19 PM | 25/12/2024 12:00 AM | US | View |
| 43.5 GB | Business Services | 23/12/2024 04:09 PM | 23/12/2024 12:00 AM | AU | View |
| 5.7 GB | Business Services | 23/12/2024 01:19 PM | 23/12/2024 12:00 AM | US | View |
| 2.4 GB | Manufacturing | 23/12/2024 01:18 PM | 23/12/2024 12:00 AM | US | View |
| 23 GB | Manufacturing | 23/12/2024 01:17 PM | 23/12/2024 12:00 AM | BR | View |
| 6.8 GB | Business Services | 20/12/2024 03:18 PM | 20/12/2024 12:00 AM | DE | View |
| 1 GB | Education | 20/12/2024 03:17 PM | 20/12/2024 12:00 AM | US | View |
| 25.9 GB | Business Services | 20/12/2024 03:16 PM | 20/12/2024 12:00 AM | US | View |
| 14.2 GB | Education | 20/12/2024 01:20 PM | 20/12/2024 12:00 AM | US | View |
| 2.7 GB | Energy | 20/12/2024 01:19 PM | 20/12/2024 12:00 AM | US | View |
| 5 GB | Manufacturing | 20/12/2024 04:22 AM | 19/12/2024 12:00 AM | US | View |
| Financial | 20/12/2024 04:21 AM | 19/12/2024 12:00 AM | US | View | |
| 15 GB | Business Services | 18/12/2024 04:54 PM | 18/12/2024 12:00 AM | BE | View |
| 19 GB | Business Services | 18/12/2024 04:53 PM | 18/12/2024 12:00 AM | US | View |
| 6 GB | Technology | 17/12/2024 02:22 PM | 17/12/2024 12:00 AM | CA | View |
| 4 GB | Transportation/Logistics | 17/12/2024 12:34 PM | 17/12/2024 12:00 AM | BR | View |
| 36 GB | Technology | 16/12/2024 06:55 PM | 16/12/2024 12:00 AM | GR | View |
| 5 GB | Education | 16/12/2024 06:54 PM | 16/12/2024 12:00 AM | AU | View |
| about 1 GB | Business Services | 11/12/2024 04:44 PM | 11/12/2024 12:00 AM | US | View |
| 1 GB | Manufacturing | 05/12/2024 03:09 PM | 05/12/2024 12:00 AM | DE | View |
| 10 GB | Healthcare | 02/12/2024 02:10 PM | 02/12/2024 12:00 AM | IE | View |
| 10,1 GB | Manufacturing | 29/11/2024 01:03 PM | 29/11/2024 12:00 AM | US | View |
| 6 GB | Financial | 28/11/2024 03:36 PM | 28/11/2024 12:00 AM | CM | View |
| 20 GB | Manufacturing | 28/11/2024 02:07 PM | 28/11/2024 12:00 AM | FR | View |
| Education | 28/11/2024 12:51 PM | 28/11/2024 12:51 PM | US | View | |
| 3 GB | Healthcare | 28/11/2024 11:02 AM | 28/11/2024 12:00 AM | AU | View |
| 8,2 GB | Manufacturing | 27/11/2024 04:55 PM | 27/11/2024 12:00 AM | US | View |
| 1 GB | Healthcare | 27/11/2024 02:07 PM | 27/11/2024 12:00 AM | US | View |
| 10 GB | Business Services | 26/11/2024 04:39 PM | 26/11/2024 12:00 AM | IN | View |
| 5,3 GB | Manufacturing | 26/11/2024 04:38 PM | 26/11/2024 12:00 AM | US | View |
| 1,4 GB | Business Services | 26/11/2024 04:37 PM | 26/11/2024 12:00 AM | US | View |
| about 1 GB | Business Services | 26/11/2024 02:42 PM | 26/11/2024 12:00 AM | IE | View |
| 1,3 GB | Transportation/Logistics | 26/11/2024 01:08 PM | 26/11/2024 12:00 AM | US | View |
| 10,5 GB | Manufacturing | 21/11/2024 02:38 PM | 21/11/2024 12:00 AM | US | View |
| 6 GB | Technology | 21/11/2024 02:37 PM | 21/11/2024 12:00 AM | US | View |
| 1 GB | Education | 19/11/2024 06:09 PM | 19/11/2024 12:00 AM | US | View |
| 5,6 GB | Manufacturing | 19/11/2024 06:08 PM | 19/11/2024 12:00 AM | US | View |
| 3 GB | Transportation/Logistics | 18/11/2024 03:44 PM | 18/11/2024 12:00 AM | US | View |
| 19 GB | Transportation/Logistics | 15/11/2024 07:06 PM | 15/11/2024 12:00 AM | IN | View |
| 6 GB | Education | 06/11/2024 03:17 PM | 06/11/2024 12:00 AM | US | View |
| 65 GB | Business Services | 06/11/2024 03:16 PM | 06/11/2024 12:00 AM | BR | View |
| 2,6 GB | Business Services | 31/10/2024 03:21 PM | 31/10/2024 12:00 AM | SE | View |
| 28 GB | Transportation/Logistics | 30/10/2024 03:55 PM | 30/10/2024 12:00 AM | US | View |
| 81 GB | Technology | 30/10/2024 02:00 PM | 30/10/2024 12:00 AM | US | View |
| 11 GB | Education | 29/10/2024 01:43 PM | 29/10/2024 12:00 AM | US | View |
| 76 GB | Manufacturing | 29/10/2024 12:23 PM | 29/10/2024 12:00 AM | US | View |
| 5,1 GB | Education | 28/10/2024 01:17 PM | 25/10/2024 12:00 AM | CA | View |
| 41 GB | Government | 25/10/2024 01:11 PM | 25/10/2024 12:00 AM | US | View |
| 5,1 GB | Government | 25/10/2024 01:10 PM | 25/10/2024 12:00 AM | US | View |
| 25 GB | Business Services | 24/10/2024 03:35 PM | 24/10/2024 12:00 AM | US | View |
| 45 GB | Transportation/Logistics | 24/10/2024 03:34 PM | 24/10/2024 12:00 AM | HK | View |
| 27 GB | Manufacturing | 24/10/2024 02:05 PM | 24/10/2024 12:00 AM | US | View |
| 10 GB | Government | 23/10/2024 02:30 PM | 23/10/2024 12:00 AM | US | View |
| 37 GB | Manufacturing | 23/10/2024 01:09 PM | 23/10/2024 12:00 AM | US | View |
| 10 GB | Government | 22/10/2024 04:05 PM | 22/10/2024 12:00 AM | US | View |
| 71 GB | Business Services | 22/10/2024 02:38 PM | 22/10/2024 12:00 AM | US | View |
| 118 GB | Transportation/Logistics | 21/10/2024 04:33 PM | 21/10/2024 12:00 AM | DE | View |
| 102 GB | Agriculture and Food Production | 21/10/2024 03:06 PM | 21/10/2024 12:00 AM | US | View |
| 3 GB | Financial | 21/10/2024 12:08 PM | 21/10/2024 12:00 AM | US | View |
| 16 GB | Business Services | 18/10/2024 05:02 PM | 18/10/2024 12:00 AM | US | View |
| 3 GB | Business Services | 18/10/2024 03:07 PM | 18/10/2024 12:00 AM | AU | View |
| 27,6 GB | Manufacturing | 16/10/2024 06:03 PM | 16/10/2024 12:00 AM | US | View |
| 107 GB | Business Services | 16/10/2024 06:02 PM | 16/10/2024 12:00 AM | US | View |
| 86 GB | Agriculture and Food Production | 16/10/2024 01:36 PM | 16/10/2024 12:00 AM | US | View |
| 20 GB | Agriculture and Food Production | 15/10/2024 04:33 PM | 15/10/2024 12:00 AM | US | View |
| 10 GB | Business Services | 20/09/2024 04:32 PM | 20/09/2024 04:31 PM | US | View |
| 30 GB | Agriculture and Food Production | 19/09/2024 05:58 PM | 19/09/2024 05:58 PM | CA | View |
| 250 GB | Healthcare | 18/09/2024 04:03 PM | 18/09/2024 04:03 PM | US | View |
| Manufacturing | 11/09/2024 01:07 PM | 11/09/2024 12:00 AM | US | View | |
| 469 GB | Business Services | 11/09/2024 01:05 PM | 11/09/2024 01:05 PM | DE | View |
| Manufacturing | 15/08/2024 09:27 PM | 15/08/2024 09:27 PM | US | View | |
| 20 GB | Agriculture and Food Production | 06/08/2024 04:23 PM | 06/08/2024 04:23 PM | View | |
| 22 GB | Business Services | 06/08/2024 04:22 PM | 06/08/2024 04:22 PM | View | |
| 22 GB | Manufacturing | 05/08/2024 05:36 PM | 05/08/2024 05:36 PM | View | |
| 30 GB | Agriculture and Food Production | 29/07/2024 07:34 PM | 29/07/2024 07:34 PM | NL | View |
| 10 GB | Government | 26/07/2024 04:07 PM | 26/07/2024 04:07 PM | CA | View |
| 18 GB | Government | 25/07/2024 05:41 PM | 25/07/2024 05:41 PM | US | View |
| 10 GB | Education | 22/07/2024 04:36 PM | 22/07/2024 04:36 PM | View | |
| 4GB | Government | 16/07/2024 10:05 PM | 19/06/2024 12:00 AM | View | |
| 10 GB | Not Found | 16/07/2024 10:04 PM | 24/06/2024 12:00 AM | View | |
| 19.4GB | Business Services | 16/07/2024 10:04 PM | 07/07/2024 12:00 AM | View | |
| 95GB | Business Services | 16/07/2024 10:03 PM | 04/07/2024 12:00 AM | View | |
| 60GB | Government | 16/07/2024 09:43 PM | 04/07/2024 12:00 AM | US | View |
| 9,5 GB | Government | 16/07/2024 09:42 PM | 11/07/2024 12:00 AM | US | View |
| 10 GB | Education | 16/07/2024 09:42 PM | 16/07/2024 09:42 PM | OM | View |
Known threat actors
Ransomware groups behind the attacks
Below is a breakdown of the most active ransomware groups and the variants driving their attacks.
Post breach actions
-
Call a NCSC Cyber Incident Response approved supplier Some NCSC providers will fund up to 48 hours of investigation into your incident.
-
Report the incident to Report Fraud
-
Locate your business continuity plan Work out what you can do without access to your systems and data.
-
Identify your business insurance contact details
Who are we and what experience do we have in responding to cyber incidents?
We are accredited to ISO 27001 and recognised by the UK’s National Cyber Security Centre (NCSC).
We provide comprehensive cyber risk management services, with a core focus on Digital Forensics and Incident Response (DFIR). Our capabilities are driven by a 24/7 Security Operations Centre and a dedicated in-house intelligence team that delivers timely, actionable threat reporting.
With decades of collective cyber security experience, we have the expertise to assume operational ownership of your entire IT security architecture – simplifying and strengthening cyber security across your business.
As an Assured Service Provider for Cyber Incident Response (CIR) at the Standard Level. This accreditation demonstrates our ability to deliver high-assurance, effective support in response to a wide range of cyber threats.
Your NCSC-approved supplier is a specialist crime scene investigator who will:
- Isolate and preserve your environment for forensic investigation.
- Identify where the data has been duplicated and issue a legal takedown order.
- Identify your data, application and systems restore points. These might be at different points in time and will need to be carefully restored and reconstructed in a pristine environment.
- Liaise with your business insurance company and if needed, with the Police.
- Advise you on notifying your customers of your situation.
- Rebuild your systems, restore your data and get you back to full operation. Note: This process can take between 2 weeks – 2 months.
Working with us
Our response process
Our team are ransomware recovery specialists with a proven, streamlined approach to resolving incidents quickly and effectively.
Step 1: Triage
We deploy our incident response team the same day. From the first call, we begin onboarding, introduce key stakeholders, set communication schedules, and start gathering critical information to guide the response.
Step 2: Investigation
DFIR (Digital Forensic Incident Response) teams investigate breaches to identify vulnerabilities, attack vectors, and system impacts from ransomware such as Data Loss (PII). We deliver clear forensic insights to guide mitigation.
Step 3: Contain
Our onsite and remote teams act fast to stop the attack in its tracks. That includes isolating affected systems, removing malicious code, and putting protections in place to prevent further spread or damage.
Step 4: Remediate & Eradicate
Once contained, we work to fully eliminate the threat. This includes fixing exploited vulnerabilities, restoring systems to a secure state, and ensuring no traces of the attack remain.
Step 5: Recover
Our incident response teams help get your business back to normal. We restore access to systems, recover data, and ensure services are safe, stable, and functioning, with minimal downtime.
Step 6: Post Incident
We conduct a full review of the incident response and recovery efforts. Together we assess what happened, what worked, and what can be improved, helping you build stronger defences for the future.
Forensic analysis to drive recovery
Our process includes a thorough digital forensic analysis from step two where the output becomes a central component of business recovery. This is because understanding the attack is of critical importance:
Informing an initial infection date
The extent and spread of infection
Data exfiltration having an impact on regulatory positions
Ensuring that the attacker and any tooling or artefacts they leave behind are eradicated
It is critical that the analysis of digital evidence is carried out to an agreed plan.
Maximising early root cause discovery and legal leverage
The process is purpose-built to uncover the root cause as early as possible, which is essential to inform remediation / eradication and recovery as well as supporting a legal take-down case if this is applicable. A legal take-down means we can assist in the legal enforcement that stops the criminals from publishing the data, thus undermining the ransom notice.
Our Digital Forensic and Incident Response (DFIR) teams maintain consistent communication throughout. Dedicated Incident Managers and technical engineering leads provide updates during the Cyber Incident Response journey, utilising risk registers and working within change management processes, all from triage through to post-incident, delivering successful business recovery.
Key take aways
- You will not be able to access your systems or data.
- It is advised to disconnect from the internet and shut down your systems, including PCs, to prevent further infections.
- Your Office 365 system might also be compromised, allowing the attackers to monitor your responses. Avoid communicating with individuals through your primary email or team systems.
- Threat actors typically infiltrate your system at least 2-4 weeks before you become aware of the attack. Your data will have already been exfiltrated. If your system is encrypted, this was not an overnight event.
- Ransom demands in the UK typically range from £500,000 to £3 million, with some sectors, like education, facing demands that exceed £5 million
- Paying the ransom may violate financial sanctions, which is a criminal offence and could result in a custodial sentence or further financial penalties.
- If your data is sold or published online, it puts your customers and staff at risk, potentially implicating you in a Data Protection breach.
- You will need to submit a data takedown request to the initial location where the data was transferred.
- Do not overwrite the encrypted data. It is crucial to determine when the infection began and where the data was sent.
- Avoid rebuilding from the latest backup, as it is likely to be infected.
Why should I trust Zensec to do this work rather than my IT team?
A forensic analysis needs to be meticulous and a clean restore and recovery requires a wealth of experience not normally available in an in-house team who must provide a broader range of IT support skills:
Internal IT teams don’t have the necessary skill set to resolve security encryption issues themselves.
IT teams may recover to the same position with indicators of compromise ready to do it again… which can lead to another breach.
Internal teams are pressured to restore business operations and may recover before forensic analysis even begins, potentially destroying the crime scene before completion.
We can help
Frequently asked questions
Key information when you’re under pressure.
Yes, Fog is a ransomware group that encrypts files and issues a ransom threat to victims. It follows a double extortion model, demanding payment not only to decrypt data but also to prevent the public release of stolen information.
To defend against Fog and similar threats, organisations are being urged to monitor network traffic closely for unusual activity, which can help detect early signs of compromise before data is encrypted or exfiltrated.
The Fog ransomware likely infiltrated your system through one of several common attack vectors:
Phishing attempts
RDP exploits
Compromised software updates
Leveraging compromised VPN credentials
To strengthen your defences and reduce future risk, we recommend implementing the following security measures:
Educate staff on cyber security awareness
Use strong, unique passwords
Enable multi-factor authentication (MFA)
Remove unused or outdated user accounts
Perform regular and secure data backups
Apply software and system updates promptly
Your security teams should also deploy advanced threat protection and regularly review other security tools to ensure they are properly configured and up to date. Continuous monitoring of IP address activity and internal network behaviour can help detect fog intrusions and suspicious lateral movement before threats escalate.
It is crucial to focus on isolating sensitive data to prevent further compromise. Strengthening network defenses can help effectively detect and contain threats. Swift identification and containment of the affected data, particularly during early attacks, can significantly reduce the overall impact of a ransomware incident.
After recovering from a Fog incident, Zensec strongly advises updating your business continuity plan to incorporate the lessons learned during both the attack and recovery process.
A ransomware attack presents the most significant threat to your business by:
- Disabling your access to systems, which could hinder machinery operation or impede progress through your business processes.
- Blocking access to critical data concerning suppliers, shipments, customers, orders, or steps in your business workflow.
In the event of a business interruption, identifying your position in the supply chain and sustaining operations can be challenging. If the disruption continues, maintaining business continuity becomes critical. Once systems and data are restored, addressing backlogs and establishing future operational protocols are essential.
Ransomware ranks only behind receivership in terms of its capacity to incapacitate a business.
The NCSC is the UK National Cyber Security Centre. They provide cyber security guidance and support, helping to make the UK the safest place to live and work online. They have defined a Cyber Incident Response procedure and they have approved and accredited suppliers to provide this service.
As a recognised Assured Service Provider by the National Cyber Security Centre (NCSC), Zensec provide comprehensive cyber risk management services that are designed to Protect, Detect & Mitigate cyber security threats across the UK.
Report Fraud is the UK's national reporting centre for fraud and cybercrime. Whether you have been scammed, defrauded, or experienced cybercrime in England, Wales, or Northern Ireland, Report Fraud offers a central point of contact for information on fraud and financially motivated cybercrime.
https://www.reportfraud.police.uk/https://www.actionfraud.police.uk/
Yes. There's a possibility that some of the lost data falls under the category of "Personal Data" belonging to your customers. It's your legal responsibility to safeguard this data, even if it has been lost. Additionally, you may need to notify the Information Commissioner's Office (ICO) at https://ico.org.uk/.
Your insurer or legal counsel will provide guidance on the necessary steps and how to move forward in this situation. Solace has experience collaborating with insurers and legal professionals and can offer support in managing this relationship during this challenging period.
Legitimate employee monitoring software refers to legitimate tools used by organisations to track employee activity on work devices. These tools are commonly employed to enhance productivity, enforce internal policies, and maintain compliance with data protection regulations.
However, when not properly secured, such tools can be exploited by cybercriminals. In recent incidents, threat actors have repurposed legitimate employee monitoring software as part of their tactics, turning trusted solutions into enablers of unauthorised surveillance or data exfiltration, particularly in the context of a growing ransomware threat.
To minimise this risk, organisations should conduct regular security audits, ensure proper access controls, and include monitoring tools in their overall cyber security strategy.
Dealing with a ransomware attack?
Our ransomware recovery service can help
Our expert team works quickly to contain the breach, recover your data, and restore your systems to full operation. We’ll guide you through every step of the recovery process and help strengthen your defences to prevent future attacks. Regain control with Zensec - trusted support when it matters most.