Ransomware Attack on DJG Projects by Fog Group Results in 19.4GB Data Breach
Ransomware Attack on DJG Projects by Fog Ransomware Group
Overview of DJG Projects
DJG Projects Pty Ltd is a bespoke building company based in Currumbin Waters, Queensland, Australia. Specializing in eco-friendly homes, architectural home building, and renovations, the company has earned recognition for its commitment to sustainable building practices, including a HIA Green Smart Award. Founded by David Goymour, DJG Projects operates with a focus on affordable sustainability, strong ethics, and a personal approach to each project. The company holds licenses in both Queensland and New South Wales and is classified as a small business, typically indicating a limited number of employees and a focus on local projects within the Gold Coast and Northern New South Wales regions.
Details of the Ransomware Attack
On July 17, 2024, DJG Projects fell victim to a ransomware attack orchestrated by the threat actor known as Fog. The attack resulted in a significant data breach, with 19.4GB of sensitive information being compromised. The incident underscores the growing threat of ransomware to businesses of all sizes and sectors, emphasizing the need for robust cybersecurity measures to protect valuable data and maintain operational integrity.
About Fog Ransomware Group
Fog ransomware is a malicious software variant that emerged in November 2021, primarily targeting Windows systems. It is known for encrypting files and appending the extensions ".FOG" or ".FLOCKED" to the affected filenames. The ransomware drops a ransom note named "readme.txt" or "HELP_YOUR_FILES.HTML," informing victims that their files have been encrypted and urging them to contact the attackers for file recovery. Fog ransomware has been particularly disruptive, with a significant focus on the education sector and the recreation industry. Attackers typically gain access to systems by exploiting compromised VPN credentials from two different vendors, allowing for remote infiltration.
Penetration and Impact
The Fog ransomware group distinguishes itself by its ability to disable Windows Defender, encrypt Virtual Machine Disk (VMDK) files, delete backups from Veeam, and remove volume shadow copies, making recovery extremely difficult. Currently, there is no known decryptor available for Fog ransomware, meaning that paying the ransom does not guarantee file restoration. The ransom demands are usually made in Bitcoin, and the threat actors may provide a link and a code for communication within the ransom note. The operational structure of the Fog ransomware group remains unclear, with ongoing research aimed at understanding its deployment and impact.
Sources
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!