Ransomware Attack on Asbury Theological Seminary by Fog Group Exposes Sensitive Data

Incident Date: Jul 16, 2024

Attack Overview

Victim: Asbury Theological Seminary
Industry: Education
Location: USA
Attacker: Fog
First reported: July 16, 2024

Overview of Asbury Theological Seminary

Asbury Theological Seminary, established in 1923, is a private evangelical institution affiliated with the Wesleyan-Holiness tradition. The seminary offers graduate-level theological education, including programs such as the Master of Divinity (M.Div.), Master of Arts (M.A.) in various concentrations, and Doctor of Ministry (D.Min.). With a mission to equip men and women to proclaim the gospel and spread scriptural holiness, Asbury serves a diverse student body of over 1,700 students from more than 80 denominations and 40 countries. The seminary employs between 201 and 500 individuals and operates primarily as a non-profit organization.

Details of the Ransomware Attack

On July 17, 2024, Asbury Theological Seminary fell victim to a ransomware attack orchestrated by the Fog ransomware group. The attack resulted in a data leak of approximately 10GB, compromising the seminary's primary domain, asburyseminary.edu. This breach potentially exposed sensitive information related to the seminary's operations and stakeholders, highlighting the growing threat of cyberattacks on educational and religious institutions.

About the Fog Ransomware Group

Fog ransomware emerged in November 2021, primarily targeting Windows systems. It is known for encrypting files and appending the extensions ".FOG" or ".FLOCKED" to affected filenames. The ransomware drops a ransom note named "readme.txt" or "HELP_YOUR_FILES.HTML," urging victims to contact the attackers for file recovery. Fog ransomware has been particularly disruptive in the education sector, with 80% of its victims located there. Attackers typically gain access to systems by exploiting compromised VPN credentials, allowing for remote infiltration.

Penetration and Impact

The Fog ransomware group likely penetrated Asbury Theological Seminary's systems by exploiting compromised VPN credentials. Once inside, the ransomware can disable Windows Defender, encrypt Virtual Machine Disk (VMDK) files, delete backups from Veeam, and remove volume shadow copies, making recovery extremely difficult. Currently, there is no known decryptor available for Fog ransomware, and paying the ransom does not guarantee file restoration. The attack on Asbury underscores the vulnerabilities educational institutions face and the critical need for robust cybersecurity measures.
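
The file indicators named above (the ".FOG" and ".FLOCKED" extensions and the "readme.txt" / "HELP_YOUR_FILES.HTML" note names) can drive a simple triage of file-creation events. The following is an added example, not code from this article or from Halcyon; the event format, host names, paths, and the MIN_ENCRYPTED threshold are constructed assumptions.

```python
# Added example: triage file-creation events for the Fog indicators named above.
from collections import defaultdict
from pathlib import PureWindowsPath

FOG_EXTENSIONS = {".fog", ".flocked"}                  # from the article
FOG_NOTES = {"readme.txt", "help_your_files.html"}     # from the article
MIN_ENCRYPTED = 3  # assumed threshold for a directory with no ransom note

# Constructed sample events: (host, path of a created or renamed file).
SAMPLE_EVENTS = [
    ("FS01", r"D:\Shares\Registrar\grades.xlsx.FOG"),
    ("FS01", r"D:\Shares\Registrar\roster.docx.FOG"),
    ("FS01", r"D:\Shares\Registrar\readme.txt"),
    ("FS01", r"D:\Shares\Finance\budget.xlsx.FLOCKED"),
    ("FS01", r"D:\Shares\Finance\HELP_YOUR_FILES.HTML"),
    ("WS17", r"C:\Tools\putty\readme.txt"),            # benign: note name alone
    ("WS22", r"C:\Users\kim\Pictures\morning.fog"),    # benign: single file
]

def triage(events, min_encrypted=MIN_ENCRYPTED):
    """Group events by (host, directory) and score each directory."""
    dirs = defaultdict(lambda: {"encrypted": 0, "notes": set()})
    for host, raw in events:
        p = PureWindowsPath(raw)
        entry = dirs[(host, str(p.parent))]
        if p.suffix.lower() in FOG_EXTENSIONS:
            entry["encrypted"] += 1
        elif p.name.lower() in FOG_NOTES:
            entry["notes"].add(p.name)
    findings = []
    for (host, folder), e in sorted(dirs.items()):
        # "readme.txt" is a common name, so a note only counts next to renamed files.
        if e["encrypted"] and e["notes"]:
            severity = "high"
        elif e["encrypted"] >= min_encrypted:
            severity = "medium"
        else:
            continue
        findings.append({"host": host, "dir": folder, "severity": severity,
                         "encrypted": e["encrypted"], "notes": sorted(e["notes"])})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Requiring a note and a renamed file in the same directory keeps ordinary "readme.txt" files from raising alerts, while the threshold still catches directories encrypted before a note is written.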
