Ransomware Attack on DJG Projects by Fog Group Results in 19.4GB Data Breach

Incident Date: Jul 16, 2024

Attack Overview

Victim: DJG Projects
Industry: Construction
Location: Australia
Attacker: Fog
First reported: July 16, 2024

Ransomware Attack on DJG Projects by Fog Ransomware Group

Overview of DJG Projects

DJG Projects Pty Ltd is a bespoke building company based in Currumbin Waters, Queensland, Australia. Specializing in eco-friendly homes, architectural home building, and renovations, the company has earned recognition for its commitment to sustainable building practices, including a HIA Green Smart Award. Founded by David Goymour, DJG Projects operates with a focus on affordable sustainability, strong ethics, and a personal approach to each project. The company holds licenses in both Queensland and New South Wales and is classified as a small business, typically indicating a limited number of employees and a focus on local projects within the Gold Coast and Northern New South Wales regions.

Details of the Ransomware Attack

On July 17, 2024, DJG Projects fell victim to a ransomware attack orchestrated by the threat actor known as Fog. The attack resulted in a significant data breach, with 19.4GB of sensitive information being compromised. The incident underscores the growing threat of ransomware to businesses of all sizes and sectors, emphasizing the need for robust cybersecurity measures to protect valuable data and maintain operational integrity.

About Fog Ransomware Group

Fog ransomware is a malicious software variant that emerged in November 2021, primarily targeting Windows systems. It is known for encrypting files and appending the extension ".FOG" or ".FLOCKED" to the affected filenames. The ransomware drops a ransom note named "readme.txt" or "HELP_YOUR_FILES.HTML", informing victims that their files have been encrypted and urging them to contact the attackers for file recovery. Fog ransomware has been particularly disruptive, with a notable focus on the education sector and the recreation industry. Attackers typically gain access to systems by exploiting compromised VPN credentials from two different vendors, allowing for remote infiltration.
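As an added defensive example, not taken from the Halcyon record, the Python sweep below walks a directory tree looking for the two on-disk indicators named above (files renamed with the ".FOG" or ".FLOCKED" extension, and ransom notes called "readme.txt" or "HELP_YOUR_FILES.HTML") and rates what it finds; a lone "readme.txt" is a common benign name, so the rating only goes to "high" when a note sits beside encrypted files in the same directory. The file names and the temporary tree built in demo() are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

# On-disk indicators named in the Fog description above
FOG_EXTENSIONS = {".fog", ".flocked"}
FOG_NOTE_NAMES = {"readme.txt", "help_your_files.html"}

def sweep(root):
    """Walk a tree and tally Fog-style indicators per directory.
    Case-insensitive (NTFS is); a note is checked before the extension so
    a renamed readme.txt.FOG is not double-counted."""
    hits = defaultdict(lambda: {"encrypted": 0, "notes": 0})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lowered = name.lower()
            if lowered in FOG_NOTE_NAMES:
                hits[dirpath]["notes"] += 1
            elif os.path.splitext(lowered)[1] in FOG_EXTENSIONS:
                hits[dirpath]["encrypted"] += 1
    return dict(hits)

def assess(hits):
    """Reduce per-directory tallies to one verdict plus supporting counts.
    A lone readme.txt is a common benign name, so notes alone rate 'low';
    .FOG/.FLOCKED files rate 'medium'; a note next to encrypted files in
    the same directory is the pattern Fog leaves behind, so 'high'."""
    encrypted = sum(h["encrypted"] for h in hits.values())
    notes = sum(h["notes"] for h in hits.values())
    both = sum(1 for h in hits.values() if h["encrypted"] and h["notes"])
    if both:
        verdict = "high"
    elif encrypted:
        verdict = "medium"
    elif notes:
        verdict = "low"
    else:
        verdict = "none"
    return {"verdict": verdict, "encrypted": encrypted,
            "notes": notes, "dirs_with_both": both}

def demo():
    """Build a constructed sample tree (hypothetical names) and sweep it."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("docs/invoice.pdf.FOG", "docs/plans.dwg.flocked",
                    "docs/readme.txt", "src/readme.txt", "src/notes.md"):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return assess(sweep(root))
```

Point sweep() at a file share or backup mount to get per-directory counts, and at a directory of known-clean data first to confirm the benign-readme case rates no higher than "low".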

Penetration and Impact

The Fog ransomware group distinguishes itself by its ability to disable Windows Defender, encrypt Virtual Machine Disk (VMDK) files, delete backups from Veeam, and remove volume shadow copies, making recovery extremely difficult. Currently, there is no known decryptor available for Fog ransomware, meaning that paying the ransom does not guarantee file restoration. The ransom demands are usually made in Bitcoin, and the threat actors may provide a link and a code for communication within the ransom note. The operational structure of the Fog ransomware group remains unclear, with ongoing research aimed at understanding its deployment and impact.

Disclaimer

The Halcyon Attacks Lookout Database is compiled using publicly available information based on the hosting choices of real-world threat actors and data from a variety of trackers. This information is provided in accordance with principles of fair use. Halcyon has made reasonable efforts to sanitize and verify the data; however, we do not guarantee the accuracy, completeness, or reliability of the information provided. Updates to the database are made as new source data becomes available from reputable sources. By accessing, viewing, or using the information within the Halcyon Attacks Lookout Database, you acknowledge and agree to do so entirely at your own risk. No reliance should be placed upon the information for decision-making, and Halcyon disclaims all liability for any inaccuracies or omissions in the data.
