Ransomware Hits Swedish Auto Dealer Askling Bil by Fog Group
Incident Date:
October 31, 2024
Overview
Title
Ransomware Hits Swedish Auto Dealer Askling Bil by Fog Group
Victim
Askling Bil
Attacker
Fog
Location
First Reported
October 31, 2024
Ransomware Attack on Askling Bil by Fog Group
Askling Bil, a family-owned automotive business based in Sweden, has fallen victim to a ransomware attack orchestrated by the Fog group. The company, known for being an authorized dealer for Toyota and Lexus vehicles, operates multiple locations in the Östergötland region, offering a wide range of automotive services including vehicle sales, servicing, and financing options.
Company Profile
Askling Bil AB, with its headquarters in Linköping, Sweden, is a medium-sized enterprise with approximately 105 employees. The company reported a revenue of 824,718 KSEK in 2023, showcasing its strong position in the automotive market. Askling Bil is recognized for its extensive service offerings, customer-centric approach, and commitment to quality, particularly in relation to Toyota vehicles.
Attack Overview
The Fog ransomware group targeted Askling Bil, claiming to have accessed 2.6 GB of sensitive data, including customer communications, human resources information, and employee contact details. This breach poses a significant threat to the company, given its prominence in the automotive industry and the nature of the compromised data.
Fog Ransomware Group
Fog ransomware, a variant of the STOP/DJVU family, is known for encrypting files with extensions like .fog or .flocked. The group typically demands ransom payments in Bitcoin for decryption. Fog ransomware has evolved to target lucrative sectors such as finance, showcasing a shift in its focus from educational institutions to more profitable organizations.
Attack Details
The attackers likely gained access to Askling Bil's systems through compromised VPN credentials or exploiting vulnerabilities in applications. Once inside, they encrypted critical files, including customer contact information and human resources documents. The rapid encryption capabilities of Fog ransomware have been highlighted, with some attacks completing file encryption within just two hours of initial access.
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.