Fog Ransomware: From Financial Extortion to Covert Espionage

Red | Attack Report

Fog ransomware recently struck an Asian financial institution. The attackers dwelled inside the network for about two weeks before deploying the ransomware and setting up a persistent service. The intrusion featured an unusual mix of legitimate monitoring software (Syteca/Ekran) and open-source pentesting tools such as GC2, Adaptix C2, and Stowaway, used to stealthily harvest data and move laterally. Fog emerged in May 2024 and has evolved since: it now supports modular operations that enable double extortion and campaign customization, and it is used by multiple actors sharing infrastructure. Its stealth, flexibility, and sophisticated toolkit underscore the critical need for robust patching, vigilant monitoring, and layered defenses.
