Ransomware Attack on Asbury Theological Seminary by Fog Group Exposes Sensitive Data

Incident Date: July 16, 2024

Overview

Title: Ransomware Attack on Asbury Theological Seminary by Fog Group Exposes Sensitive Data
Victim: Asbury Theological Seminary
Attacker: Fog
Location: Wilmore, USA; Kentucky, USA
First Reported: July 16, 2024

Ransomware Attack on Asbury Theological Seminary by Fog Group

Overview of Asbury Theological Seminary

Asbury Theological Seminary, established in 1923, is a private evangelical institution affiliated with the Wesleyan-Holiness tradition. The seminary offers graduate-level theological education, including programs such as the Master of Divinity (M.Div.), Master of Arts (M.A.) in various concentrations, and Doctor of Ministry (D.Min.). With a mission to equip men and women to proclaim the gospel and spread scriptural holiness, Asbury serves a diverse student body of over 1,700 students from more than 80 denominations and 40 countries. The seminary employs between 201 and 500 individuals and operates primarily as a non-profit organization.

Details of the Ransomware Attack

On July 17, 2024, Asbury Theological Seminary fell victim to a ransomware attack orchestrated by the Fog ransomware group. The attack resulted in a data leak of approximately 10GB, compromising the seminary's primary domain, asburyseminary.edu. This breach potentially exposed sensitive information related to the seminary's operations and stakeholders, highlighting the growing threat of cyberattacks on educational and religious institutions.

About the Fog Ransomware Group

Fog ransomware emerged in November 2021, primarily targeting Windows systems. It is known for encrypting files and appending the extensions ".FOG" or ".FLOCKED" to affected filenames. The ransomware drops a ransom note named "readme.txt" or "HELP_YOUR_FILES.HTML," urging victims to contact the attackers for file recovery. Fog ransomware has been particularly disruptive in the education sector, with 80% of its victims located there. Attackers typically gain access to systems by exploiting compromised VPN credentials, allowing for remote infiltration.
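A triage sketch for the file-system indicators named above, added here as an example and not part of the original report. It assumes the input is a list of file paths from a directory listing or endpoint inventory; the severity levels, the choice to ignore a lone "readme.txt" as too common, and the sample paths are all assumptions or constructed data.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Indicators as stated in the article (compared case-insensitively).
ENCRYPTED_EXTS = {".fog", ".flocked"}
NOTE_NAMES = {"readme.txt", "help_your_files.html"}
GENERIC_NOTES = {"readme.txt"}  # assumption: too common to alert on alone


def triage(paths):
    """Group paths by directory and score each directory for Fog artifacts."""
    dirs = defaultdict(lambda: {"encrypted": 0, "notes": set()})
    for raw in paths:
        p = PureWindowsPath(raw)
        entry = dirs[str(p.parent).lower()]
        if p.suffix.lower() in ENCRYPTED_EXTS:
            entry["encrypted"] += 1
        elif p.name.lower() in NOTE_NAMES:
            entry["notes"].add(p.name.lower())

    findings = {}
    for directory, e in dirs.items():
        if e["encrypted"] and e["notes"]:
            level = "high"      # renamed files plus a ransom note
        elif e["encrypted"]:
            level = "medium"    # renamed files, note missing or not listed
        elif e["notes"] - GENERIC_NOTES:
            level = "low"       # distinctive note name only
        else:
            continue            # nothing, or only a generic readme.txt
        findings[directory] = (level, e["encrypted"], sorted(e["notes"]))
    return findings


# Constructed sample listing (not from the incident).
SAMPLE = [
    r"D:\Shares\Registrar\grades.xlsx.FOG",
    r"D:\Shares\Registrar\roster.docx.flocked",
    r"D:\Shares\Registrar\readme.txt",
    r"D:\VMs\web01.vmdk.FOG",
    r"C:\Tools\putty\README.txt",
    r"C:\Users\Public\HELP_YOUR_FILES.HTML",
]

if __name__ == "__main__":
    for directory, result in sorted(triage(SAMPLE).items()):
        print(directory, result)
```

Scoring per directory keeps an ordinary software "readme.txt" from raising an alert while still surfacing it when it sits beside renamed files.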

Penetration and Impact

The Fog ransomware group likely penetrated Asbury Theological Seminary's systems by exploiting compromised VPN credentials. Once inside, the ransomware can disable Windows Defender, encrypt Virtual Machine Disk (VMDK) files, delete backups from Veeam, and remove volume shadow copies, making recovery extremely difficult. Currently, there is no known decryptor available for Fog ransomware, and paying the ransom does not guarantee file restoration. The attack on Asbury underscores the vulnerabilities educational institutions face and the critical need for robust cybersecurity measures.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.