Sunrise Farms Hit by Fog Ransomware Group in Major Data Breach

Incident Date: September 19, 2024


Overview


Victim: Sunrise Farms Inc.
Attacker: Fog
Location: Stuarts Draft, USA; Virginia, USA
First Reported: September 19, 2024

Ransomware Attack on Sunrise Farms Inc. by Fog Ransomware Group

Sunrise Farms Inc., a multifaceted agricultural enterprise based in Catskill, New York, has recently fallen victim to a ransomware attack orchestrated by the notorious Fog ransomware group. The attackers have claimed responsibility for the breach via their dark web leak site, asserting that they have exfiltrated 30 GB of the company's data.

About Sunrise Farms Inc.

Sunrise Farms Inc. operates in the agricultural sector, engaging in a diverse range of farming activities including aquaculture, cattle ranching, fruit and tree nut farming, and greenhouse operations. The company is known for its commitment to sustainable practices, particularly non-GMO farming, and has a strong focus on community engagement through educational programs and events. Their facility spans 65 acres and supports various equestrian activities, making it a regional hub for horse enthusiasts.

With approximately 17 employees and an estimated revenue of around $6 million, Sunrise Farms Inc. is a small to medium-sized enterprise. Their dedication to sustainable farming practices and quality service has positioned them as a responsible player in the agricultural sector.

Attack Overview

The Fog ransomware group, which emerged in November 2021, has claimed responsibility for the attack on Sunrise Farms Inc. The group is known for encrypting files and appending extensions such as ".FOG" or ".FLOCKED" to the affected filenames. The ransomware typically drops a ransom note named "readme.txt" or "HELP_YOUR_FILES.HTML," urging victims to contact the attackers for file recovery.

In this particular attack, the Fog ransomware group has exfiltrated 30 GB of data from Sunrise Farms Inc. The attackers likely gained access to the company's systems by exploiting compromised VPN credentials, a common tactic used by this group. Once inside, the ransomware can disable Windows Defender, encrypt Virtual Machine Disk (VMDK) files, delete backups from Veeam, and remove volume shadow copies, making recovery extremely difficult.
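The file-level artifacts listed above (the ".FOG"/".FLOCKED" extensions and the two ransom-note names) are the quickest things a responder can sweep a share for. The following triage script is an added example written for this page, not code from the report or from the RRA site; the rule that a generic "readme.txt" only counts when it sits beside encrypted files, and the escalation threshold of three encrypted files, are assumed tuning choices, and the sample directory tree is constructed.

```python
import os
import tempfile
from pathlib import Path

# Artifacts named in the report: extensions Fog appends to encrypted files
# and the ransom-note filenames it drops.
FOG_EXTENSIONS = {".fog", ".flocked"}
FOG_NOTE_NAMES = {"readme.txt", "help_your_files.html"}


def scan_for_fog_artifacts(root):
    """Walk `root`; return sorted paths of encrypted files and ransom notes.

    Assumption (not from the report): a generic "readme.txt" only counts as a
    note when it sits beside encrypted files, to cut false positives; the
    more distinctive HTML note name is accepted anywhere.
    """
    encrypted, notes = [], []
    for dirpath, _dirs, filenames in os.walk(root):
        hit = [n for n in filenames if Path(n).suffix.lower() in FOG_EXTENSIONS]
        encrypted += [os.path.join(dirpath, n) for n in hit]
        for name in filenames:
            low = name.lower()
            if low in FOG_NOTE_NAMES and (hit or low != "readme.txt"):
                notes.append(os.path.join(dirpath, name))
    return {"encrypted": sorted(encrypted), "notes": sorted(notes)}


def triage_verdict(findings, min_encrypted=3):
    """Map scan findings to a response tier (threshold is an assumed tuning value)."""
    if findings["notes"] or len(findings["encrypted"]) >= min_encrypted:
        return "ESCALATE"   # note present or widespread renaming: treat as active incident
    if findings["encrypted"]:
        return "REVIEW"     # a stray hit: verify before paging anyone
    return "CLEAN"


def build_constructed_sample():
    """Build a constructed, throwaway directory tree that mimics a share after a Fog run."""
    root = tempfile.mkdtemp(prefix="fog_sample_")
    os.makedirs(os.path.join(root, "vms"))
    for rel in ("budget.xlsx.fog", "readme.txt", "notes.txt",
                "vms/web01.vmdk.flocked", "vms/db01.vmdk.FOG"):
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(b"constructed sample content, not real data")
    return root


if __name__ == "__main__":
    result = scan_for_fog_artifacts(build_constructed_sample())
    print(triage_verdict(result), result)
```

Point `scan_for_fog_artifacts` at a mounted share or backup target to get a first inventory of what was renamed; the verdict tiers are only a starting point for an on-call runbook.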

About Fog Ransomware Group

Fog ransomware is particularly disruptive, with a significant focus on the education and recreation sectors. The group distinguishes itself by its ability to disable security measures and delete backups, thereby complicating recovery efforts. Currently, there is no known decryptor available for Fog ransomware, and paying the ransom does not guarantee file restoration. The ransom demands are usually made in Bitcoin, and the threat actors provide a link and a code for communication within the ransom note.

The operational structure of the Fog ransomware group remains unclear, with ongoing research aimed at understanding its deployment and impact. This attack on Sunrise Farms Inc. highlights the vulnerabilities that small to medium-sized enterprises face in the ever-evolving landscape of cyber threats.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups and their victims. Given threat actors' lucrative success so far, ransomware has become the most widespread cyber threat to businesses and organizations today, and the one with the greatest financial and data-loss impact.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.