IOI Corporation Hit by Fog Ransomware, 20 GB Data Compromised

Incident Date: August 6, 2024

Overview

Victim: IOI Corporation Berhad

Attacker: Fog

Location: Putrajaya, Malaysia

First Reported: August 6, 2024

Ransomware Attack on IOI Corporation Berhad by Fog Ransomware Group

IOI Corporation Berhad, a leading entity in the global palm oil industry, has recently been targeted by the notorious Fog ransomware group. The cybercriminals claim to have exfiltrated 20 GB of sensitive data from the company, marking a significant breach in IOI's cybersecurity defenses.

About IOI Corporation Berhad

IOI Corporation Berhad, commonly known as IOI, is a major player in the palm oil sector, with operations spanning plantation and resource-based manufacturing. The company manages approximately 176,925 hectares of oil palm plantations in Malaysia and Indonesia. IOI's manufacturing segment includes refining crude palm oil and producing oleochemicals and specialty oils, with facilities located across Asia, Europe, and the United States. The company employs around 28,000 individuals and reported a revenue of RM 17.54 billion for the financial year ending June 30, 2023.

Attack Overview

The Fog ransomware group has claimed responsibility for the attack on IOI Corporation Berhad via their dark web leak site. The attackers assert that they have exfiltrated 20 GB of sensitive data, which could potentially include proprietary information, financial records, and personal data of employees. This breach highlights the increasing threat of ransomware attacks on large corporations, particularly those in critical industries like agriculture.

About Fog Ransomware Group

Fog ransomware emerged in November 2021, primarily targeting Windows systems. It is known for encrypting files and appending extensions such as ".FOG" or ".FLOCKED" to filenames. The ransomware drops a ransom note named "readme.txt" or "HELP_YOUR_FILES.HTML," instructing victims to contact the attackers for file recovery. Fog ransomware has been particularly disruptive in the education and recreation sectors, exploiting compromised VPN credentials to infiltrate systems.

Penetration and Impact

The Fog ransomware group likely penetrated IOI Corporation's systems by exploiting vulnerabilities in its cybersecurity infrastructure, possibly through compromised VPN credentials. Once inside, the ransomware can disable security measures, encrypt critical files, and delete backups, making recovery challenging. No decryptor is known for Fog ransomware, which leaves victims with limited options for data recovery.
