Fog Ransomware Proves to be Relentless for Encrypting Files on Infected Computers
Fog ransomware is a particularly dangerous form of malware designed to encrypt files on infected computers, leaving victims unable to access their data without paying a ransom. This ransomware appends either ".FOG" or ".FLOCKED" extensions to filenames, effectively renaming them. For example, "1.jpg" becomes "1.jpg.FOG" or "1.jpg.FLOCKED". Additionally, it leaves behind a ransom note in a file named "readme.txt".
Table of Contents
Fog Ransom Note Overview
The ransom note from Fog informs victims that their files have been encrypted and that some files have been copied to "internal resources." The note urges immediate contact with the attackers, providing a link and a unique code for communication. The intent is to pressure victims into paying a ransom to restore their files.
The Ransom note reads like the following:
If you are reading this, then you have been the victim of a cyber attack. We call ourselves Fog and we take responsibility for this incident. We are the ones who encrypted your data and also copied some of it to our internal resource. The sooner you contact us, the sooner we can resolve this incident and get you back to work.
To contact us you need to have Tor browser installed:1. Follow this link: xql562evsy7njcsnga************************xu2gtqh26newid.onion
2. Enter the code: ******************
3. Now we can communicate safely.If you are decision-maker, you will get all the details when you get in touch. We are waiting for you.
Detailed Analysis of Fog Ransomware
Fog ransomware is known for its ability to disable Windows Defender, the built-in antivirus and anti-malware tool in Windows, facilitating its undetected operation. It can encrypt Virtual Machine Disk (VMDK) files, which are crucial for storing virtual machine data. Furthermore, Fog targets and deletes backups from Veeam, a popular backup solution, and removes volume shadow copies, which are backup copies of files or volumes in Windows.
Understanding Ransomware
Ransomware is a type of malicious software that blocks access to files by encrypting them until a ransom is paid. After encryption, victims are presented with a ransom note demanding payment, usually in cryptocurrency. It is generally advised not to pay the ransom, as there is no guarantee that cybercriminals will provide decryption tools. Ransomware can also spread across local networks, making prompt removal essential. Other examples of ransomware include DORRA, RansomHub, and Orbit.
Common Infection Vectors
Ransomware often infiltrates computers through various deceptive methods:
- Email Attachments: Malicious attachments or links in emails.
- Pirated Software: Cracked software or key generators containing ransomware.
- Malicious Advertisements: Ads leading to infected downloads.
- P2P Networks and File Hosting Sites: Downloading from unreliable sources.
- Infected USB Drives and Technical Support Scams: Physical and social engineering methods.
Cybercriminals also exploit vulnerabilities in outdated software or operating systems. In the case of Fog, attackers have used compromised VPN credentials from multiple vendors to gain access to computers remotely.
Protecting Against Ransomware
To safeguard against ransomware:
- Use Official Sources: Download files and programs from official websites or app stores.
- Avoid Pirated Software: Do not use cracking tools or key generators.
- Be Wary of Suspicious Websites and Emails: Avoid clicking on ads, pop-ups, and links from unknown senders.
- Regular Updates: Keep the operating system and installed programs up to date.
- Security Software: Install and regularly run scans with a reputable security suite.
Responding to a Fog Ransomware Infection
If your computer is infected with Fog ransomware, it is crucial to run a scan with a trusted anti-malware program to eliminate the threat. This step is vital to prevent further encryption and potential spread within your network.
