Ransomware Attack on DJG Projects by Fog Group Results in 19.4GB Data Breach
Incident Date:
July 16, 2024
Overview
Title
Ransomware Attack on DJG Projects by Fog Group Results in 19.4GB Data Breach
Victim
Djg Projects
Attacker
Fog
Location
First Reported
July 16, 2024
Ransomware Attack on DJG Projects by Fog Ransomware Group
Overview of DJG Projects
DJG Projects Pty Ltd is a bespoke building company based in Currumbin Waters, Queensland, Australia. Specializing in eco-friendly homes, architectural home building, and renovations, the company has earned recognition for its commitment to sustainable building practices, including a HIA Green Smart Award. Founded by David Goymour, DJG Projects operates with a focus on affordable sustainability, strong ethics, and a personal approach to each project. The company holds licenses in both Queensland and New South Wales and is classified as a small business, typically indicating a limited number of employees and a focus on local projects within the Gold Coast and Northern New South Wales regions.
Details of the Ransomware Attack
On July 17, 2024, DJG Projects fell victim to a ransomware attack orchestrated by the threat actor known as Fog. The attack resulted in a significant data breach, with 19.4GB of sensitive information being compromised. The incident underscores the growing threat of ransomware to businesses of all sizes and sectors, emphasizing the need for robust cybersecurity measures to protect valuable data and maintain operational integrity.
About Fog Ransomware Group
Fog ransomware is a malicious software variant that emerged in November 2021, primarily targeting Windows systems. It is known for encrypting files and appending the extensions ".FOG" or ".FLOCKED" to the affected filenames. The ransomware drops a ransom note named "readme.txt" or "HELP_YOUR_FILES.HTML," informing victims that their files have been encrypted and urging them to contact the attackers for file recovery. Fog ransomware has been particularly disruptive, with a significant focus on the education sector and the recreation industry. Attackers typically gain access to systems by exploiting compromised VPN credentials from two different vendors, allowing for remote infiltration.
Penetration and Impact
The Fog ransomware group distinguishes itself by its ability to disable Windows Defender, encrypt Virtual Machine Disk (VMDK) files, delete backups from Veeam, and remove volume shadow copies, making recovery extremely difficult. Currently, there is no known decryptor available for Fog ransomware, meaning that paying the ransom does not guarantee file restoration. The ransom demands are usually made in Bitcoin, and the threat actors may provide a link and a code for communication within the ransom note. The operational structure of the Fog ransomware group remains unclear, with ongoing research aimed at understanding its deployment and impact.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.