Ransomware Attack on Complete Recycling Services by Fog Group

Complete Recycling Services, LLC (CRS), a notable entity in the scrap metal recycling sector, has allegedly been targeted by a ransomware attack executed by the infamous Fog ransomware group. Situated in St. Francis, Wisconsin, CRS is esteemed for its dedication to sustainable recycling, converting ferrous and non-ferrous waste metals into marketable products. Operating from two Milwaukee locations, the company employs around five individuals and reports annual revenues of approximately $1.4 million.

Company Profile and Industry Standing

Since its inception in 2015, CRS has established itself in the recycling industry by providing customized solutions for commercial and industrial clients. The company handles a range of metals, including steel, copper, aluminum, and electronic waste, with a strong emphasis on cleanliness and organization. This commitment to responsible recycling and customer service sets CRS apart, positioning it as a leader in delivering efficient recycling solutions.

Details of the Ransomware Attack

The Fog ransomware group claims to have extracted 1.4 GB of sensitive data from CRS, encompassing human resources and medical documents. The purportedly compromised data includes Social Security Numbers (SSNs) and Commercial Driver's License (CDL) numbers, presenting significant privacy and security concerns for individuals linked to the company. This incident brings to light potential weaknesses in CRS's cybersecurity framework, possibly stemming from inadequate remote access configurations or phishing attacks.

Fog Ransomware Group: A Growing Threat

Fog ransomware, identified as a variant of the STOP/DJVU family, has gained a reputation for its advanced attack strategies and adaptive tactics. The group is known for using double extortion techniques, encrypting data while also threatening to disclose sensitive information if ransom demands are unmet. Typically, Fog gains initial access through compromised VPN credentials or weak Remote Desktop Protocol (RDP) settings, often leveraging phishing attacks to deliver malicious payloads.

Upon infiltrating a network, Fog employs tools like Cobalt Strike and Mimikatz to escalate privileges and move laterally, encrypting files across multiple devices. The group appends extensions such as .FOG to encrypted files and issues ransom notes with payment instructions. This attack on CRS highlights the critical need for enhanced cybersecurity measures to protect against such sophisticated threats.