Dorner GmbH Faces Cyberattack by Fog Ransomware Group
Ransomware Attack on Dorner GmbH: A Closer Look at the Fog Ransomware Group's Latest Target
Dorner GmbH, a key player in the manufacturing sector, has recently fallen victim to a ransomware attack allegedly orchestrated by the notorious Fog ransomware group. This incident highlights the growing threat of cyberattacks on industrial companies, particularly those with significant digital assets and operational dependencies.
About Dorner GmbH
Founded in 1966, Dorner GmbH is a subsidiary of Dorner Mfg. Corp., renowned for its innovative conveyor systems and health IT solutions. The company operates globally, serving over 1,200 industries with a focus on enhancing efficiency through automation. Dorner's product line includes low-profile and heavy-duty conveyors, as well as sanitary solutions for food and medical applications. Their health IT division is recognized for its laboratory information systems, widely used across German-speaking countries.
Attack Overview
The Fog ransomware group claims to have exfiltrated 1 GB of sensitive data from Dorner GmbH, including human resources files with employee contact information. This breach underscores the vulnerabilities inherent in companies with extensive digital operations. Dorner's reliance on interconnected systems for both manufacturing and IT solutions may have presented an attractive target for cybercriminals.
Fog Ransomware Group
Fog ransomware, a variant of the STOP/DJVU family, is known for its double extortion tactics, encrypting data and threatening to leak it unless a ransom is paid. The group typically gains access through compromised VPN credentials or weak RDP configurations, often using phishing attacks to deploy malicious payloads. Once inside, they employ tools like Cobalt Strike for lateral movement and data exfiltration.
Potential Vulnerabilities
Dorner GmbH's extensive digital infrastructure, necessary for its dual focus on manufacturing and health IT, may have been a factor in its vulnerability to this attack. The integration of complex systems, while beneficial for operational efficiency, can also create potential entry points for sophisticated threat actors like the Fog group.