Ransomware Attack on Geelong Lutheran College by Fog Group Results in 4GB Data Leak
Overview of Geelong Lutheran College
Geelong Lutheran College (GLC), located in Newtown, Victoria, is a prominent educational institution under the Lutheran Church of Australia. Established in 1962, the college provides primary and secondary education from Foundation to Year 12. GLC is recognized for its commitment to delivering high-quality education within a caring, supportive, and Christ-centered environment. The college employs approximately 143 staff members and generates an estimated revenue of $18.9 million annually. GLC stands out in the education sector for its holistic approach to student development, offering a wide range of academic subjects and co-curricular activities.
Details of the Ransomware Attack
On July 17, 2024, Geelong Lutheran College was listed as a victim of the Fog ransomware group on the group's dark web leak site, identified by the college's domain, glc.vic.edu.au. Fog claims to have exfiltrated approximately 4GB of data. The contents of the leak have not been detailed, but a school's file shares typically hold sensitive information about the institution, its staff, and its students and families. A leak-site listing confirms only that the attackers claim to hold stolen data; it does not by itself establish how much of the environment was encrypted or whether the claimed volume is accurate.
About Fog Ransomware Group
Fog is a ransomware family first observed in May 2024 that primarily targets Windows systems. It encrypts files and appends extensions such as ".FOG" or ".FLOCKED" to the affected filenames, and it drops a ransom note named "readme.txt" or "HELP_YOUR_FILES.HTML" directing victims to contact the attackers for file recovery. Fog has been particularly disruptive in the education sector: in early reporting, roughly 80% of its observed victims were educational institutions. The group typically gains initial access by logging in remotely with compromised VPN credentials, so the intrusion begins as what looks like a legitimate user session rather than an exploit against a software vulnerability.
Penetration and Impact
The Fog ransomware group distinguishes itself by its focus on the education sector and by how thoroughly it destroys recovery options once inside a network. Attackers have used compromised VPN credentials from more than one gateway vendor to gain remote access, which makes multi-factor authentication on every remote access path the first control to verify. Once inside, the operators disable Windows Defender, encrypt Virtual Machine Disk (VMDK) files, delete Veeam backups, and remove volume shadow copies, so any backup reachable from the compromised domain should be assumed lost and recovery depends on offline or immutable copies. At the time of writing there is no known decryptor for Fog, and paying the ransom does not guarantee file restoration.
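Each of the post-access behaviours listed above leaves a trace in process-creation and file-creation telemetry. The Python hunting sketch below is an added example for this page, not Halcyon tooling and not anything recovered from the GLC incident. It assumes a constructed pipe-delimited log format (timestamp|host|event|image|detail) and constructed sample lines, including hypothetical host names and the hypothetical image name locker.exe, and it flags the indicators the paragraph names: Defender disabled through Set-MpPreference or the DisableAntiSpyware registry value, shadow copy deletion through vssadmin or wmic, Veeam services stopped or .vbk backup files deleted, files renamed with .FOG or .FLOCKED, and readme.txt written into several directories on one host.

```python
"""Hunting sketch for the Fog behaviours described above: Defender disabled,
shadow copies deleted, Veeam backups stopped or removed, VMDK and other files
renamed with .FOG/.FLOCKED, and readme.txt ransom notes written per directory.
Log format (ts|host|event|image|detail) and all sample lines are constructed
for this example; none of it is telemetry from the GLC incident."""
import re
from collections import Counter, defaultdict

# Process-creation indicators: (rule name, pattern matched against the command line).
PROCESS_RULES = [
    ("shadow_copy_deletion",
     re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows"
                r"|wmic(\.exe)?\s+shadowcopy\s+delete", re.I)),
    ("defender_tampering",
     re.compile(r"Set-MpPreference\s+-Disable\w+\s+\$?true"
                r"|Windows Defender\\.*DisableAntiSpyware", re.I)),
    ("veeam_backup_tampering",
     re.compile(r"(net(\.exe)?\s+stop|sc(\.exe)?\s+stop|Stop-Service)\s+\S*Veeam"
                r"|(del|erase|Remove-Item)\b.*\.vbk\b", re.I)),
]
# File-creation indicators: Fog's appended extensions and its ransom note name.
ENCRYPTED_EXT = re.compile(r"\.(fog|flocked)$", re.I)
RANSOM_NOTE = re.compile(r"(^|[\\/])readme\.txt$", re.I)


def parse_line(line):
    """Split 'ts|host|event|image|detail' into a dict; None for malformed lines."""
    parts = line.strip().split("|", 4)
    if len(parts) != 5:
        return None
    return dict(zip(("ts", "host", "event", "image", "detail"), parts))


def scan(lines):
    """Return one finding per matched indicator, preserving log order."""
    findings = []
    for raw in lines:
        ev = parse_line(raw)
        if ev is None:
            continue
        if ev["event"] == "ProcessCreate":
            for name, rx in PROCESS_RULES:
                if rx.search(ev["detail"]):
                    findings.append({"rule": name, **ev})
        elif ev["event"] == "FileCreate":
            if ENCRYPTED_EXT.search(ev["detail"]):
                findings.append({"rule": "encrypted_file_extension", **ev})
            elif RANSOM_NOTE.search(ev["detail"]):
                findings.append({"rule": "ransom_note_written", **ev})
    return findings


def ransom_note_spray(findings, min_dirs=3):
    """Hosts where readme.txt was written into at least min_dirs distinct
    directories. One readme.txt is normal; one per folder is the ransomware tell."""
    dirs_by_host = defaultdict(set)
    for f in findings:
        if f["rule"] == "ransom_note_written":
            parent = re.split(r"[\\/]", f["detail"])[:-1]
            dirs_by_host[f["host"]].add("\\".join(parent))
    return sorted(h for h, d in dirs_by_host.items() if len(d) >= min_dirs)


def triage(lines):
    """Summarise a log: per-rule counts, affected hosts, hosts with note spray."""
    findings = scan(lines)
    return {
        "rule_counts": Counter(f["rule"] for f in findings),
        "hosts": sorted({f["host"] for f in findings}),
        "ransom_note_spray": ransom_note_spray(findings),
        "findings": findings,
    }


# Constructed sample telemetry; host names and the image 'locker.exe' are hypothetical.
SAMPLE_LOG = r"""
2024-07-17T02:10:02Z|srv-fs01|ProcessCreate|powershell.exe|Set-MpPreference -DisableRealtimeMonitoring $true
2024-07-17T02:10:09Z|srv-fs01|ProcessCreate|cmd.exe|vssadmin.exe delete shadows /all /quiet
2024-07-17T02:10:15Z|srv-bkp01|ProcessCreate|cmd.exe|net stop VeeamBackupSvc /y
2024-07-17T02:11:40Z|srv-hv01|FileCreate|locker.exe|D:\VMs\ws01\ws01-flat.vmdk.FOG
2024-07-17T02:11:41Z|srv-hv01|FileCreate|locker.exe|D:\VMs\ws02\ws02.vmdk.FLOCKED
2024-07-17T02:11:45Z|srv-fs01|FileCreate|locker.exe|D:\Shares\Finance\readme.txt
2024-07-17T02:11:45Z|srv-fs01|FileCreate|locker.exe|D:\Shares\Students\readme.txt
2024-07-17T02:11:46Z|srv-fs01|FileCreate|locker.exe|D:\Shares\HR\readme.txt
2024-07-17T02:11:50Z|srv-fs01|FileCreate|explorer.exe|D:\Shares\Finance\budget.xlsx
2024-07-17T02:12:00Z|ws-lib03|ProcessCreate|services.exe|svchost.exe -k netsvcs
"""

if __name__ == "__main__":
    report = triage(SAMPLE_LOG.strip().splitlines())
    for rule, n in sorted(report["rule_counts"].items()):
        print(f"{rule:26s} {n}")
    print("hosts with ransom-note spray:", report["ransom_note_spray"])
```

In a real environment the same patterns map onto Sysmon event ID 1 (process creation) and event ID 11 (file creation) or the equivalent EDR events. The process rules are high-signal on their own; the extension and ransom-note rules are what turn "a file was written" into "encryption is in progress", and the per-directory threshold in ransom_note_spray should be tuned so that a single legitimately named readme.txt does not page anyone.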