Ransomware Attack on German University of Technology in Oman by Fog Ransomware Group

Incident Date:

July 16, 2024

Overview

Victim

German University of Technology in Oman

Attacker

Fog

Location

Halban, Oman

First Reported

July 16, 2024

Ransomware Attack on German University of Technology in Oman

Overview of the Attack

On July 17, 2024, the German University of Technology in Oman (GUtech) experienced a ransomware attack orchestrated by the notorious Fog ransomware group. The attack resulted in a significant data breach, with approximately 10GB of sensitive academic and administrative information compromised. The university is currently assessing the extent of the damage and implementing measures to mitigate the impact.

About the German University of Technology in Oman

Established in 2007 through a collaboration with RWTH Aachen University, GUtech is a prominent private institution located in Halban, Oman. The university offers a range of undergraduate and postgraduate programs, primarily focused on engineering, technology, and applied sciences. With over 2,200 enrolled students as of the 2019 academic year, GUtech is recognized for its commitment to high-quality education, innovative research, and cultural integration.

What Makes GUtech Stand Out

GUtech integrates German educational standards with Omani cultural values, fostering a unique academic environment. The university's programs are internationally accredited, and it has received institutional accreditation from the Omani Authority for Academic Accreditation and Quality Assurance of Education. GUtech's emphasis on research and innovation, including projects on sustainability and environmental stewardship, further enhances its reputation as a leading educational institution in Oman.

Vulnerabilities and Attack Details

GUtech's focus on integrating technology in education may have made it a target for cybercriminals. The Fog ransomware group, known for targeting the education sector, likely exploited compromised VPN credentials to infiltrate the university's systems. Once inside, the ransomware encrypted files, disabled Windows Defender, and deleted backups, making recovery challenging. The attackers demanded a ransom in Bitcoin, but paying the ransom does not guarantee file restoration.

About the Fog Ransomware Group

Fog ransomware emerged in November 2021, primarily targeting Windows systems. It is known for encrypting files and appending extensions such as ".FOG" or ".FLOCKED". The group has been particularly disruptive in the education sector, with 80% of its victims located there. Fog ransomware typically gains access through compromised VPN credentials and employs various techniques to disable security measures and delete backups, complicating recovery efforts.
