FOG Ransomware Spread by Cybercriminals Claiming Ties to DOGE


The ransomware payload embedded in the discovered samples has been verified as FOG ransomware and is detected as Ransom.Win32.FOG.SMYPEFG. All discovered variants carry the same payload and differ only in the key used to decrypt the payload.

Conclusion and security recommendations

FOG ransomware is a relatively new ransomware family that enterprises must add to their watchlist. Regardless of the origins and motivations behind the FOG ransomware samples we investigated, whether they were executed by the original operators using DOGE references for trolling purposes or by other actors embedding FOG ransomware into their binaries for impersonation, a successful ransomware attack could still cause enterprises financial loss and operational disruption.

Outpace ransomware threats by monitoring indicators of compromise (IoCs) as part of a proactive cybersecurity defense. This approach allows for early detection of threats, enhances security measures, and supports forensic investigations, effectively disrupting the activities of cybercriminals. For researchers, tracking IoCs offers valuable insights into attack patterns, which can help them develop more effective…
