FOG Ransomware Group Targets Nunhems: A Detailed Analysis

Nunhems, a prominent brand under BASF specializing in vegetable seeds and related solutions, has recently fallen victim to a ransomware attack by the FOG ransomware group. The attackers claim to have exfiltrated 30 GB of data from the organization, posing significant risks to its operations and data integrity.

Company Overview

Nunhems operates in the agriculture sector, focusing on the development and supply of vegetable seeds. The company offers a comprehensive approach, providing not just seeds but also partnerships and customer-oriented solutions. With a diverse portfolio of over 1,200 varieties across 24 different vegetable and fruit crops, Nunhems serves a wide range of stakeholders, including growers, processors, plant raisers, dealers, traders, retailers, and the food service industry. The company employs approximately 2,000 people across 37 countries, emphasizing its global reach and commitment to enhancing healthy eating practices.

Commitment to Sustainability and Innovation

Nunhems is dedicated to sustainability and innovation, aiming to improve the quality and resilience of its vegetable varieties. The company has made significant advancements in developing disease-resistant varieties, such as those resistant to Tomato Brown Rugose Fruit Virus (ToBRFV). This focus on research and development underscores their commitment to addressing the evolving needs of the agricultural sector and consumers worldwide.

Attack Overview

The FOG ransomware group, known for encrypting files and appending extensions like ".FOG" or ".FLOCKED," has claimed responsibility for the attack on Nunhems. The group typically drops a ransom note named "readme.txt" or "HELP_YOUR_FILES.HTML," urging victims to contact the attackers for file recovery. In this case, the attackers have exfiltrated 30 GB of data, potentially compromising sensitive information and disrupting Nunhems' operations.

FOG Ransomware Group Profile

FOG ransomware emerged in November 2021, primarily targeting Windows systems. The group has been particularly disruptive in the education and recreation sectors, exploiting compromised VPN credentials to gain remote access to systems. Once inside, FOG ransomware can disable Windows Defender, encrypt Virtual Machine Disk (VMDK) files, delete backups from Veeam, and remove volume shadow copies, making recovery extremely difficult. Currently, there is no known decryptor available for FOG ransomware, and paying the ransom does not guarantee file restoration.

Potential Vulnerabilities

Nunhems' extensive global operations and reliance on digital systems for managing its diverse portfolio and partnerships make it a lucrative target for ransomware groups like FOG. The company's commitment to innovation and sustainability involves significant data handling, which, if compromised, can lead to severe operational disruptions and financial losses. The attack highlights the critical need for effective cybersecurity measures to protect against such sophisticated threats.

• Nunhems - About Us
• PCRisk - FOG Ransomware
• WatchGuard - FOG Ransomware Tracker
• BeforeCrypt - FOG Ransomware
• Dark Reading - FOG Ransomware