FOG Ransomware Hits Juice Generation Exposing 10GB of Sensitive Data

Incident Date: September 20, 2024

Overview

Victim: Juice Generation

Attacker: Fog

Location: New York, USA

First Reported: September 20, 2024

FOG Ransomware Group Targets Juice Generation in Major Cyber Attack

Juice Generation Inc., a prominent juice bar chain based in New York City, has fallen victim to a ransomware attack orchestrated by the FOG ransomware group. The attackers claim to have exfiltrated 10 GB of sensitive data from the company, which specializes in health and wellness products.

About Juice Generation

Founded in 1999 by Eric Helms, Juice Generation operates numerous locations across New York City, offering a variety of nutrient-rich products such as freshly pressed juices, smoothies, and acai bowls. The company is known for its commitment to quality, sourcing local and organic produce, and innovative use of superfoods. Juice Generation employs approximately 141 people and has an annual revenue of about $60.6 million. The brand has also gained attention through collaborations with celebrities like Salma Hayek, further solidifying its reputation in the health-focused beverage industry.

Attack Overview

The FOG ransomware group has claimed responsibility for the attack on Juice Generation via their dark web leak site. The group alleges that they have exfiltrated 10 GB of data, which could potentially include sensitive customer information, financial records, and proprietary business data. The attack has raised significant concerns about the security measures in place at Juice Generation, given the company's substantial market presence and customer base.

About FOG Ransomware Group

FOG ransomware emerged in November 2021 and primarily targets Windows systems. It is notorious for encrypting files and appending extensions such as ".FOG" or ".FLOCKED" to the affected filenames. The ransomware typically drops a ransom note named "readme.txt" or "HELP_YOUR_FILES.HTML," instructing victims to contact the attackers for file recovery. FOG ransomware has been particularly disruptive in the education and recreation sectors, exploiting compromised VPN credentials to infiltrate systems.
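The file indicators described above can be turned into a triage rule over file-creation or rename events. The following is an added example, not code from this report or from any vendor tool. The event format (host, Windows path), the threshold of three files, and all host names and paths are assumptions constructed for illustration. Because "readme.txt" is a common benign filename, the rule never alerts on a note name alone and only raises severity when the note sits beside a burst of ".FOG" or ".FLOCKED" files in the same directory.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Indicators named in the report text (compared case-insensitively).
ENCRYPTED_EXTS = {".fog", ".flocked"}
NOTE_NAMES = {"readme.txt", "help_your_files.html"}


def triage(events, min_encrypted=3):
    """events: iterable of (host, windows_path) file-creation/rename records.
    Returns {(host, directory): severity} for directories worth investigating.
    The record shape and the threshold are assumptions for this example."""
    encrypted = defaultdict(int)   # (host, dir) -> count of files with a FOG extension
    notes = set()                  # (host, dir) pairs where a ransom-note name appeared
    for host, raw in events:
        p = PureWindowsPath(raw)   # parses Windows paths on any platform
        key = (host, str(p.parent).lower())
        if p.suffix.lower() in ENCRYPTED_EXTS:
            encrypted[key] += 1
        elif p.name.lower() in NOTE_NAMES:
            notes.add(key)
    findings = {}
    for key, count in encrypted.items():
        if count < min_encrypted:
            continue               # a single stray .fog file is not a burst
        # A note name only matters next to a burst of encrypted-extension files.
        findings[key] = "high" if key in notes else "medium"
    return findings


# Constructed sample events; hosts and paths are invented for the example.
SAMPLE_EVENTS = [
    ("FS01", r"D:\Shares\Finance\q3.xlsx.FOG"),
    ("FS01", r"D:\Shares\Finance\payroll.csv.FOG"),
    ("FS01", r"D:\Shares\Finance\vendors.docx.fog"),
    ("FS01", r"D:\Shares\Finance\readme.txt"),
    ("FS01", r"D:\Shares\HR\roster.pdf.FLOCKED"),
    ("FS01", r"D:\Shares\HR\reviews.docx.FLOCKED"),
    ("FS01", r"D:\Shares\HR\offers.xlsx.FLOCKED"),
    ("WS14", r"C:\Tools\sdk\readme.txt"),            # benign: note name alone
    ("WS14", r"C:\Users\a\Downloads\weather.fog"),   # benign: one stray file
]

if __name__ == "__main__":
    for (host, directory), severity in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{severity:6} {host} {directory}")
```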

Penetration and Impact

FOG ransomware is known for its ability to disable Windows Defender, encrypt Virtual Machine Disk (VMDK) files, delete backups from Veeam, and remove volume shadow copies, making recovery extremely difficult. The exact method of penetration in the Juice Generation attack remains unclear, but it is likely that the attackers exploited vulnerabilities in the company's network security, possibly through compromised VPN credentials or phishing attacks.

Implications for Juice Generation

The ransomware attack on Juice Generation highlights the vulnerabilities that even well-established companies face in the digital age. With a significant amount of sensitive data potentially compromised, the company may face reputational damage, financial losses, and legal repercussions. This incident underscores the importance of comprehensive cybersecurity measures to protect against increasingly sophisticated ransomware threats.
