Ransomware Attack on Cordogan Clark & Associates by Fog Group

Cordogan Clark & Associates, a distinguished architectural, planning, engineering, and construction firm, has recently fallen victim to a ransomware attack orchestrated by the notorious Fog ransomware group. This incident underscores the growing threat of cyberattacks targeting the construction and architectural sectors, which are increasingly reliant on digital infrastructure.

About Cordogan Clark & Associates

Founded in 1951, Cordogan Clark & Associates is a well-established firm headquartered in Aurora, Illinois, with additional offices in Chicago and Lafayette. The company employs approximately 127 professionals and has completed over 5,000 projects. Known for its innovative design and technical expertise, the firm specializes in a wide range of projects, including educational, commercial, institutional, and residential architecture. Their commitment to high-quality design and functional efficiency has earned them a reputation for delivering projects on time and within budget.

Details of the Ransomware Attack

The Fog ransomware group claims to have exfiltrated 107 GB of sensitive data from Cordogan Clark & Associates. The compromised data reportedly includes personal employee information, client communications, and human resources documents. Among the more sensitive files accessed are non-disclosure agreements, social security numbers, driver licenses, and passports. This breach poses significant risks to the company's operations and its stakeholders, given its annual revenue exceeding $14 million.

Fog Ransomware Group

Fog ransomware, a variant of the STOP/DJVU family, has been a significant threat since its emergence in November 2021. It primarily targets Windows systems but has also been observed affecting Linux environments. The group is known for its rapid encryption capabilities and sophisticated attack mechanisms, including exploiting compromised VPN credentials and known vulnerabilities in applications. Fog ransomware has recently shifted its focus towards more lucrative targets, particularly within the financial sector, marking its evolution into a more prominent cybercrime organization.

Potential Vulnerabilities

Cordogan Clark & Associates' reliance on digital systems for managing complex projects may have made them vulnerable to such an attack. The firm's extensive use of digital communications and data storage could have provided entry points for the ransomware group. The attack highlights the importance of effective cybersecurity measures, especially for firms handling sensitive client and employee data.

Sources

• Cordogan Clark & Associates
• BeforeCrypt: Fog Ransomware
• Adlumin: Fog Ransomware
• Archinect: Cordogan Clark & Associates
• BleepingComputer: Fog Ransomware