Ransomware Attack Hits Cordogan Clark by Fog Group

Incident Date:

October 16, 2024

World map

Overview

Title

Ransomware Attack Hits Cordogan Clark by Fog Group

Victim

Cordogan Clark and Associates

Attacker

Fog

Location

Aurora, USA

Illinois, USA

First Reported

October 16, 2024

Ransomware Attack on Cordogan Clark & Associates by Fog Group

Cordogan Clark & Associates, a distinguished architectural, planning, engineering, and construction firm, has recently fallen victim to a ransomware attack orchestrated by the notorious Fog ransomware group. This incident underscores the growing threat of cyberattacks targeting the construction and architectural sectors, which are increasingly reliant on digital infrastructure.

About Cordogan Clark & Associates

Founded in 1951, Cordogan Clark & Associates is a well-established firm headquartered in Aurora, Illinois, with additional offices in Chicago and Lafayette. The company employs approximately 127 professionals and has completed over 5,000 projects. Known for its innovative design and technical expertise, the firm specializes in a wide range of projects, including educational, commercial, institutional, and residential architecture. Their commitment to high-quality design and functional efficiency has earned them a reputation for delivering projects on time and within budget.

Details of the Ransomware Attack

The Fog ransomware group claims to have exfiltrated 107 GB of sensitive data from Cordogan Clark & Associates. The compromised data reportedly includes personal employee information, client communications, and human resources documents. Among the more sensitive files accessed are non-disclosure agreements, social security numbers, driver licenses, and passports. This breach poses significant risks to the company's operations and its stakeholders, given its annual revenue exceeding $14 million.

Fog Ransomware Group

Fog ransomware, a variant of the STOP/DJVU family, has been a significant threat since its emergence in November 2021. It primarily targets Windows systems but has also been observed affecting Linux environments. The group is known for its rapid encryption capabilities and sophisticated attack mechanisms, including exploiting compromised VPN credentials and known vulnerabilities in applications. Fog ransomware has recently shifted its focus towards more lucrative targets, particularly within the financial sector, marking its evolution into a more prominent cybercrime organization.

Potential Vulnerabilities

Cordogan Clark & Associates' reliance on digital systems for managing complex projects may have made them vulnerable to such an attack. The firm's extensive use of digital communications and data storage could have provided entry points for the ransomware group. The attack highlights the importance of effective cybersecurity measures, especially for firms handling sensitive client and employee data.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.