Ziba Design Hit by Fog Ransomware, 22GB Data Compromised

Incident Date: August 6, 2024

Overview

Victim: Ziba Design

Attacker: Fog

Location: Portland, Oregon, USA

First Reported: August 6, 2024

Ransomware Attack on Ziba Design by Fog Ransomware Group

Ziba Design, a renowned multidisciplinary design consultancy based in Portland, Oregon, has recently fallen victim to a ransomware attack orchestrated by the notorious Fog ransomware group. The attack has resulted in the exfiltration of 22GB of sensitive data, putting the company in a challenging position as it deals with the aftermath.

About Ziba Design

Founded in 1984, Ziba Design is a prominent player in the Business Services sector, specializing in product design, brand strategy, and user experience. The firm is known for its innovative approach, integrating design thinking with business strategy to create impactful solutions for its clients. Ziba employs a diverse team of professionals from various disciplines, including anthropology, sociology, and engineering, which fosters creativity and innovation. The company's methodology, termed Visioneering™, combines user insights with market and cultural trends to develop groundbreaking products and services.

Attack Overview

The ransomware attack on Ziba Design was claimed by the Fog ransomware group via their dark web leak site. The attackers managed to infiltrate Ziba's systems and exfiltrate 22GB of data. The compromised information includes sensitive company data, which could have severe implications for Ziba and its clients. The attack has highlighted vulnerabilities in Ziba's cybersecurity measures, making it a target for sophisticated threat actors.

About Fog Ransomware Group

Fog ransomware is a malicious software variant that emerged in November 2021, primarily targeting Windows systems. It is known for encrypting files and appending the extensions ".FOG" or ".FLOCKED" to the affected filenames. The ransomware drops a ransom note named "readme.txt" or "HELP_YOUR_FILES.HTML," urging victims to contact the attackers for file recovery. Fog ransomware has been particularly disruptive, with a significant focus on the education and recreation sectors. Attackers typically gain access to systems by exploiting compromised VPN credentials, allowing for remote infiltration.

Penetration and Impact

The Fog ransomware group likely penetrated Ziba Design's systems by exploiting compromised VPN credentials, a common tactic used by the group. Once inside, the ransomware can disable Windows Defender, encrypt Virtual Machine Disk (VMDK) files, delete backups from Veeam, and remove volume shadow copies, making recovery extremely difficult. The lack of a known decryptor for Fog ransomware means that paying the ransom does not guarantee file restoration, adding to the complexity of the situation for Ziba Design.
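The file markers named in the two sections above (the ".FOG" and ".FLOCKED" extensions and the "readme.txt" / "HELP_YOUR_FILES.HTML" notes) can be turned into a first-pass triage over file-audit events. The following is an added example, not code from this site or any vendor; the log format, host names, paths, threshold and verdict labels are constructed assumptions.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Indicators as stated on this page.
FOG_EXTENSIONS = {".fog", ".flocked"}
FOG_NOTES = {"readme.txt", "help_your_files.html"}

# Constructed sample in a hypothetical "time host action path" audit format.
SAMPLE_EVENTS = r"""
2024-08-06T02:14:01Z FS01 RENAME D:\Projects\Client A\brief.docx.FOG
2024-08-06T02:14:01Z FS01 RENAME D:\Projects\Client A\render.psd.FOG
2024-08-06T02:14:02Z FS01 RENAME D:\Projects\Client A\notes.xlsx.flocked
2024-08-06T02:14:02Z FS01 CREATE D:\Projects\Client A\readme.txt
2024-08-06T09:30:10Z WS07 CREATE C:\src\tool\readme.txt
2024-08-06T09:31:00Z WS07 DELETE C:\src\tool\old.FOG
2024-08-06T10:02:44Z WS12 RENAME C:\Users\kim\Desktop\weather.fog
"""

def triage(log_text, min_files=3):
    """Map host -> verdict from file events matching the Fog markers."""
    marked = defaultdict(list)   # host -> paths with a Fog extension
    notes = defaultdict(list)    # host -> candidate ransom-note paths
    for line in log_text.splitlines():
        parts = line.split(None, 3)  # the path may contain spaces
        if len(parts) != 4 or parts[2] not in ("CREATE", "RENAME"):
            continue
        host, path = parts[1], PureWindowsPath(parts[3].strip())
        if path.suffix.lower() in FOG_EXTENSIONS:
            marked[host].append(path)
        elif path.name.lower() in FOG_NOTES:
            notes[host].append(path)
    verdicts = {}
    for host, files in marked.items():
        dirs = {p.parent for p in files}
        # "readme.txt" is a common name: count a note only when it sits
        # in a directory that also holds marked files.
        note_seen = any(n.parent in dirs for n in notes[host])
        if len(files) >= min_files and note_seen:
            verdicts[host] = "likely-encryption"
        elif len(files) >= min_files or note_seen:
            verdicts[host] = "investigate"
        else:
            verdicts[host] = "low"
    return verdicts

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, verdict)
```

A lone "readme.txt" never produces a verdict here, which keeps ordinary source trees and installers from flooding the queue.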
