Ransomware Group:  
Fog



Sponsored by Hudson RockUse Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business


Sites | External Information | Tools | Ransom Note(s) | Activity | Worldmap | Victims (66)

Fog, which uses the .flocked extension for encrypted files, was first observed in May in campaigns by Storm-0844, a threat actor known for distributing Akira. By June, Storm-0844 was deploying Fog more than Akira.


Sites

Title Available Last Visit FQDN Screenshot
FOG 🟢 2024-12-07 09:32:10.469991 xql562evsy7njcsngacphc2erzjfecwotdkobn3m4uxu2gtqh26newid.onion 📸
Blog 🟢 2024-12-07 09:32:24.051207 xbkv2qey6u3gd3qxcojynrt4h5sgrhkar6whuo74wo63hijnn677jnyd.onion 📸
Blog 🟢 2024-12-07 09:32:37.435141 xbkv2qey6u3gd3qxcojynrt4h5sgrhkar6whuo74wo63hijnn677jnyd.onion 📸

External information

Tools used

Discovery RMM Tools Defense Evasion Credential Theft OffSec Networking LOLBAS Exfiltration
Advanced Port Scanner Veeam-Get-Creds Metasploit PsExec
SharpShares
SoftPerfect NetScan

This information is provided by Ransomware-Tool-Matrix

Ransom Note(s)

Activity over time

Worldmap

66 Victims

DE flag

Dorner (dorner-gmbh.de) 

Company logo
Ransomware Group:

Discovery Date: 2024-12-05 15:09

1 GB

Victim:   |  Group: 
IE flag

Conlin's Pharmacy (conlinspharmacy.com) 

Company logo
Ransomware Group:

Discovery Date: 2024-12-02 14:10

Sector: Healthcare
10 GB

Victim:   |  Group: 
US flag

Weld Racing (weldracing.com) 

Company logo
Ransomware Group:

Discovery Date: 2024-11-29 13:03

10,1 GB

Victim:   |  Group: 
CM flag

Chanas Assurances S.A. (chanasassurances.com) 

Company logo
Ransomware Group:

Discovery Date: 2024-11-28 15:36

6 GB

Victim:   |  Group: 
FR flag

ALLTUB Group (alltub.com) 

Company logo
Ransomware Group:

Discovery Date: 2024-11-28 14:07

20 GB

Victim:   |  Group: 
US flag

Bedminster School (bedminsterschool.org) 

Company logo
Ransomware Group:

Discovery Date: 2024-11-28 12:51

Sector: Education

Victim:   |  Group: 
AU flag

WPM Pathology Laboratory (wpmpath.com) 

Company logo
Ransomware Group:

Discovery Date: 2024-11-28 11:02

Sector: Healthcare
3 GB

Victim:   |  Group: 
US flag

Gruber Tool & Die (grubertool.com) 

Company logo
Ransomware Group:

Discovery Date: 2024-11-27 16:55

8,2 GB

Victim:   |  Group: 
US flag

Signal Health Washington (signalhealthwa.com) 

Company logo
Ransomware Group:

Discovery Date: 2024-11-27 14:07

Sector: Healthcare
1 GB

Victim:   |  Group: 
IN flag

Pioneer Urban Land & Infrastructure (pioneerurban.in) 

Company logo
Ransomware Group:

Discovery Date: 2024-11-26 16:39

Sector: Construction
10 GB

Victim:   |  Group: 
US flag

Pinnacle Plastic Products (pinnacleplasitcporducts.com) 

Company logo
Ransomware Group:

Discovery Date: 2024-11-26 16:38

5,3 GB

Victim:   |  Group: 
US flag

Complete Recycling Services (completerecyclingservices.com) 

Company logo
Ransomware Group:

Discovery Date: 2024-11-26 16:37

1,4 GB

Victim:   |  Group: 
IE flag

Marketing Incentives (leinsterappointments.ie) 

Company logo
Ransomware Group:

Discovery Date: 2024-11-26 14:42

about 1 GB

Victim:   |  Group: 
US flag

Metroline (metrolinedirect.com) 

Company logo
Ransomware Group:

Discovery Date: 2024-11-26 13:08

1,3 GB

Victim:   |  Group: 
US flag

Hogan Mfg (hoganmfg.com) 

Company logo
Ransomware Group:

Discovery Date: 2024-11-21 14:38

10,5 GB

Victim:   |  Group: 
US flag

Fifteenfortyseven Critical Systems Realty (1547realty.com) 

Company logo
Ransomware Group:

Discovery Date: 2024-11-21 14:37

Sector: Technology
6 GB

Victim:   |  Group: 
US flag

Burkburnett Independent School District 

Company logo
Ransomware Group:

Discovery Date: 2024-11-19 18:09

Sector: Education
1 GB

Victim:   |  Group: 
US flag

Valley Planing Mill (valleyplaning.com) 

Company logo
Ransomware Group:

Discovery Date: 2024-11-19 18:08

5,6 GB

Victim:   |  Group: 
US flag

Waters Truck and Tractor (waterstruck.com) 

Company logo
Ransomware Group:

Discovery Date: 2024-11-18 15:44

3 GB

Victim:   |  Group: 
IN flag

Vector Transport (vectortransport.com) 

Company logo
Ransomware Group:

Discovery Date: 2024-11-15 19:06

19 GB

Victim:   |  Group: 
US flag

Cape Cod Regional Technical High School (capetech.us) 

Company logo
Ransomware Group:

Discovery Date: 2024-11-06 15:17

Sector: Education
6 GB

Victim:   |  Group: 
BR flag

GSR Andrade Architects (gsr-andrade.com) 

Company logo
Ransomware Group:

Discovery Date: 2024-11-06 15:16

Sector: Construction
65 GB

Victim:   |  Group: 
SE flag

Askling Car (asklingbil.se) 

Company logo
Ransomware Group:

Discovery Date: 2024-10-31 15:21

2,6 GB

Victim:   |  Group: 
US flag

Jillamy (jillamy.com) 

Company logo
Ransomware Group:

Discovery Date: 2024-10-30 15:55

28 GB

Victim:   |  Group: 
US flag

SmartSource (smartsource-inc.com) 

Company logo
Ransomware Group:

Discovery Date: 2024-10-30 14:00

Sector: Technology
81 GB

Victim:   |  Group: 
US flag

Jordan Public Schools (https://www.jordan.k12.mn.us/) 

Company logo
Ransomware Group:

Discovery Date: 2024-10-29 13:43

Sector: Education
11 GB

Victim:   |  Group: 
US flag

Sage Automotive Interior (sageautomotiveinteriors.com) 

Company logo
Ransomware Group:

Discovery Date: 2024-10-29 12:23

76 GB

Victim:   |  Group: 
CA flag

Evergreen SD50 (evergreensd50.com) 

Company logo
Ransomware Group:

Discovery Date: 2024-10-28 13:17
Estimated Attack Date: 2024-10-25

Sector: Education
5,1 GB

Victim:   |  Group: 
US flag

Cucamonga Valley Water District (cvwdwater.com) 

Company logo
Ransomware Group:

Discovery Date: 2024-10-25 13:11

41 GB

Victim:   |  Group: 
US flag

Evergreen Local School District (evgvikings.org) 

Company logo
Ransomware Group:

Discovery Date: 2024-10-25 13:10

5,1 GB

Victim:   |  Group: 
US flag

Value City NJ (valuecitynj.com) 

Company logo
Ransomware Group:

Discovery Date: 2024-10-24 15:35

25 GB

Victim:   |  Group: 
HK flag

The Getz Group (getz.com.hk) 

Company logo
Ransomware Group:

Discovery Date: 2024-10-24 15:34

45 GB

Victim:   |  Group: 
US flag

Apache Mills, Inc. (apachemills.com) 

Company logo
Ransomware Group:

Discovery Date: 2024-10-24 14:05

27 GB

Victim:   |  Group: 
US flag

Goshen Central School District (gcsny.org) 

Company logo
Ransomware Group:

Discovery Date: 2024-10-23 14:30

10 GB

Victim:   |  Group: 
US flag

Mar-Bal (mar-bal.com) 

Company logo
Ransomware Group:

Discovery Date: 2024-10-23 13:09

37 GB

Victim:   |  Group: 
US flag

Lincoln University (lincolnu.edu) 

Company logo
Ransomware Group:

Discovery Date: 2024-10-22 16:05

10 GB

Victim:   |  Group: 
US flag

Clear Connection (clearconnection.com) 

Company logo
Ransomware Group:

Discovery Date: 2024-10-22 14:38

71 GB

Victim:   |  Group: 
DE flag

Schweiger Transport (schweiger-gmbh.de) 

Company logo
Ransomware Group:

Discovery Date: 2024-10-21 16:33

118 GB

Victim:   |  Group: 
US flag

Philadelphia Macaroni (philamacaroni.com) 

Company logo
Ransomware Group:

Discovery Date: 2024-10-21 15:06

102 GB

Victim:   |  Group: 
US flag

Trimarc Financial (trimarc.com) 

Company logo
Ransomware Group:

Discovery Date: 2024-10-21 12:08

3 GB

Victim:   |  Group: 
US flag

Fromm (FrommBeauty.com) 

Company logo
Ransomware Group:

Discovery Date: 2024-10-18 17:02

16 GB

Victim:   |  Group: 
AU flag

Ultra Tune (ultratune.com.au) 

Company logo
Ransomware Group:

Discovery Date: 2024-10-18 15:07

3 GB

Victim:   |  Group: 
US flag

Welker (welker.com) 

Company logo
Ransomware Group:

Discovery Date: 2024-10-16 18:03

27,6 GB

Victim:   |  Group: 
US flag

Cordogan Clark and Associates (cordoganclark.com) 

Company logo
Ransomware Group:

Discovery Date: 2024-10-16 18:02

Sector: Construction
107 GB

Victim:   |  Group: 
US flag

Food Sciences Corporation (foodsciences.com) 

Company logo
Ransomware Group:

Discovery Date: 2024-10-16 13:36

86 GB

Victim:   |  Group: 
US flag

Central Pennsylvania Food Bank 

Company logo
Ransomware Group:

Discovery Date: 2024-10-15 16:33

20 GB

Victim:   |  Group: 
US flag

Juice Generation 

Company logo
Ransomware Group:

Discovery Date: 2024-09-20 16:32

10 GB

Victim:   |  Group: 
CA flag

Sunrise Farms 

Company logo
Ransomware Group:

Discovery Date: 2024-09-19 17:58

30 GB

Victim:   |  Group: 
US flag

Prentke Romich Company 

Company logo
Ransomware Group:

Discovery Date: 2024-09-18 16:03

Sector: Healthcare
250 GB

Victim:   |  Group: 
US flag

S. Walter Packaging 

Company logo
Ransomware Group:

Discovery Date: 2024-09-11 13:07

Victim:   |  Group: 
DE flag

Clatronic International GmbH 

Company logo
Ransomware Group:

Discovery Date: 2024-09-11 13:05

469 GB

Victim:   |  Group: 
US flag

Seaway Manufacturing Corp. 

Company logo
Ransomware Group:

Discovery Date: 2024-08-15 21:27

Victim:   |  Group: 
 flag

IOI Corporation Berhad 

Company logo
Ransomware Group:

Discovery Date: 2024-08-06 16:23

20 GB

Victim:   |  Group: 
 flag

Ziba Design 

Company logo
Ransomware Group:

Discovery Date: 2024-08-06 16:22

22 GB

Victim:   |  Group: 
 flag

Hi-P International 

Company logo
Ransomware Group:

Discovery Date: 2024-08-05 17:36

22 GB

Victim:   |  Group: 
NL flag

BASF - Nunhems 

Company logo
Ransomware Group:

Discovery Date: 2024-07-29 19:34

30 GB

Victim:   |  Group: 
CA flag

City of Cold Lake 

Company logo
Ransomware Group:

Discovery Date: 2024-07-26 16:07

10 GB

Victim:   |  Group: 
US flag

Odessa College 

Company logo
Ransomware Group:

Discovery Date: 2024-07-25 17:41

18 GB

Victim:   |  Group: 
 flag

Wichita State University Campus of Applied Sciences and Technology 

Company logo
Ransomware Group:

Discovery Date: 2024-07-22 16:36

Sector: Education
10 GB

Victim:   |  Group: 
 flag

Geelong Lutheran College 

Company logo
Ransomware Group:

Discovery Date: 2024-07-16 22:05
Estimated Attack Date: 2024-06-19

4GB

Victim:   |  Group: 
 flag

Asbury Theological Seminary 

Company logo
Ransomware Group:

Discovery Date: 2024-07-16 22:04
Estimated Attack Date: 2024-06-24

Sector: Not Found
10 GB

Victim:   |  Group: 
 flag

Djg Projects 

Company logo
Ransomware Group:

Discovery Date: 2024-07-16 22:04
Estimated Attack Date: 2024-07-07

Sector: Construction
19.4GB

Victim:   |  Group: 
 flag

Verweij Elektrotechniek 

Company logo
Ransomware Group:

Discovery Date: 2024-07-16 22:03
Estimated Attack Date: 2024-07-04

Sector: Construction
95GB

Victim:   |  Group: 
US flag

Alvin Independent School District 

Company logo
Ransomware Group:

Discovery Date: 2024-07-16 21:43
Estimated Attack Date: 2024-07-04

60GB

Victim:   |  Group: 
US flag

West Allis-West Milwaukee School District 

Company logo
Ransomware Group:

Discovery Date: 2024-07-16 21:42
Estimated Attack Date: 2024-07-11

9,5 GB

Victim:   |  Group: 
OM flag

German University of Technology in Oman 

Company logo
Ransomware Group:

Discovery Date: 2024-07-16 21:42

Sector: Education
10 GB

Victim:   |  Group: