Nunhems Hit by FOG Ransomware: 30 GB Data Compromised
FOG Ransomware Group Targets Nunhems: A Detailed Analysis
Nunhems, a prominent brand under BASF specializing in vegetable seeds and related solutions, has recently fallen victim to a ransomware attack by the FOG ransomware group. The attackers claim to have exfiltrated 30 GB of data from the organization, posing significant risks to its operations and data integrity.
Company Overview
Nunhems operates in the agriculture sector, focusing on the development and supply of vegetable seeds. The company offers a comprehensive approach, providing not just seeds but also partnerships and customer-oriented solutions. With a diverse portfolio of over 1,200 varieties across 24 different vegetable and fruit crops, Nunhems serves a wide range of stakeholders, including growers, processors, plant raisers, dealers, traders, retailers, and the food service industry. The company employs approximately 2,000 people across 37 countries, emphasizing its global reach and commitment to enhancing healthy eating practices.
Commitment to Sustainability and Innovation
Nunhems is dedicated to sustainability and innovation, aiming to improve the quality and resilience of its vegetable varieties. The company has made significant advancements in developing disease-resistant varieties, such as those resistant to Tomato Brown Rugose Fruit Virus (ToBRFV). This focus on research and development underscores their commitment to addressing the evolving needs of the agricultural sector and consumers worldwide.
Attack Overview
The FOG ransomware group, known for encrypting files and appending extensions like ".FOG" or ".FLOCKED," has claimed responsibility for the attack on Nunhems. The group typically drops a ransom note named "readme.txt" or "HELP_YOUR_FILES.HTML," urging victims to contact the attackers for file recovery. In this case, the attackers have exfiltrated 30 GB of data, potentially compromising sensitive information and disrupting Nunhems' operations.
FOG Ransomware Group Profile
FOG ransomware emerged in November 2021, primarily targeting Windows systems. The group has been particularly disruptive in the education and recreation sectors, exploiting compromised VPN credentials to gain remote access to systems. Once inside, FOG ransomware can disable Windows Defender, encrypt Virtual Machine Disk (VMDK) files, delete backups from Veeam, and remove volume shadow copies, making recovery extremely difficult. Currently, there is no known decryptor available for FOG ransomware, and paying the ransom does not guarantee file restoration.
Potential Vulnerabilities
Nunhems' extensive global operations and reliance on digital systems for managing its diverse portfolio and partnerships make it a lucrative target for ransomware groups like FOG. The company's commitment to innovation and sustainability involves significant data handling, which, if compromised, can lead to severe operational disruptions and financial losses. The attack highlights the critical need for effective cybersecurity measures to protect against such sophisticated threats.
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!