Ransomware Attack on Asbury Theological Seminary by Fog Group Exposes Sensitive Data
Overview of Asbury Theological Seminary
Asbury Theological Seminary, established in 1923, is a private evangelical institution affiliated with the Wesleyan-Holiness tradition. The seminary offers graduate-level theological education, including programs such as the Master of Divinity (M.Div.), Master of Arts (M.A.) in various concentrations, and Doctor of Ministry (D.Min.). With a mission to equip men and women to proclaim the gospel and spread scriptural holiness, Asbury serves a diverse student body of over 1,700 students from more than 80 denominations and 40 countries. The seminary employs between 201 and 500 individuals and operates primarily as a non-profit organization.
Details of the Ransomware Attack
On July 17, 2024, Asbury Theological Seminary fell victim to a ransomware attack orchestrated by the Fog ransomware group. The attack resulted in a data leak of approximately 10GB, compromising the seminary's primary domain, asburyseminary.edu. This breach potentially exposed sensitive information related to the seminary's operations and stakeholders, highlighting the growing threat of cyberattacks on educational and religious institutions.
About the Fog Ransomware Group
Fog ransomware emerged in November 2021, primarily targeting Windows systems. It is known for encrypting files and appending the extensions ".FOG" or ".FLOCKED" to affected filenames. The ransomware drops a ransom note named "readme.txt" or "HELP_YOUR_FILES.HTML," urging victims to contact the attackers for file recovery. Fog ransomware has been particularly disruptive in the education sector, with 80% of its victims located there. Attackers typically gain access to systems by exploiting compromised VPN credentials, allowing for remote infiltration.
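The file indicators named above can be turned into a simple triage check over file-write telemetry. The following is an added example, not code from Halcyon or from the original article; the event format (host, path), the function name `triage`, and the threshold of three files are assumptions, and the sample events are constructed. Because "readme.txt" is a common benign file name, the note name only raises severity when it appears alongside files carrying a Fog extension in the same directory.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Indicators as listed in the article; matching is case-insensitive.
ENCRYPTED_EXTS = {".fog", ".flocked"}
NOTE_NAMES = {"readme.txt", "help_your_files.html"}

def triage(events, min_encrypted=3):
    """Group (host, path) file-write events by directory and report directories
    holding at least `min_encrypted` files with a Fog extension. A note name by
    itself never triggers a finding; it only raises severity."""
    stats = defaultdict(lambda: {"encrypted": 0, "note": False})
    for host, raw_path in events:
        path = PureWindowsPath(raw_path)
        key = (host.lower(), str(path.parent).lower())
        if path.suffix.lower() in ENCRYPTED_EXTS:
            stats[key]["encrypted"] += 1
        elif path.name.lower() in NOTE_NAMES:
            stats[key]["note"] = True

    findings = []
    for (host, directory), s in stats.items():
        if s["encrypted"] >= min_encrypted:
            severity = "high" if s["note"] else "medium"
            findings.append((host, directory, s["encrypted"], severity))
    # Highest file counts first so the worst-hit directories are reviewed first.
    return sorted(findings, key=lambda f: -f[2])

# Constructed sample events (host, path); not data from the incident.
SAMPLE_EVENTS = [
    ("FS01", r"D:\Shares\Finance\budget.xlsx.FOG"),
    ("FS01", r"D:\Shares\Finance\payroll.csv.FOG"),
    ("FS01", r"D:\Shares\Finance\audit.docx.FLOCKED"),
    ("FS01", r"D:\Shares\Finance\readme.txt"),
    ("FS01", r"D:\Shares\HR\roster.xlsx.FOG"),
    ("FS01", r"D:\Shares\HR\leave.xlsx.FOG"),
    ("FS01", r"D:\Shares\HR\reviews.docx.FOG"),
    ("FS01", r"D:\Shares\HR\policy.pdf.FOG"),
    ("WS17", r"C:\Program Files\SomeApp\readme.txt"),  # benign note name only
    ("WS17", r"C:\Users\kim\Desktop\weather.fog"),     # single file, under threshold
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

A "medium" finding still warrants investigation: the note may not have been written yet, or the telemetry source may not have captured it.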
Penetration and Impact
The Fog ransomware group likely penetrated Asbury Theological Seminary's systems by exploiting compromised VPN credentials. Once inside, the ransomware can disable Windows Defender, encrypt Virtual Machine Disk (VMDK) files, delete backups from Veeam, and remove volume shadow copies, making recovery extremely difficult. Currently, there is no known decryptor available for Fog ransomware, and paying the ransom does not guarantee file restoration. The attack on Asbury underscores the vulnerabilities educational institutions face and the critical need for robust cybersecurity measures.