
Ransomware gang Fog publishes victim IPs on Dark Web
Cybersecurity experts from Kaspersky have revealed a new strategy employed by the ransomware gang known as Fog, which involves making victims more vulnerable to further attacks by publicising their IP addresses on the Dark Web.
The Global Research and Analysis Team (GReAT) at Kaspersky has identified that the Fog Ransomware group, previously known for targeting a variety of industry sectors, has started publishing victim IP addresses along with their stolen data on the Dark Web. This approach marks a departure from the traditional methods of extortion typically used in ransomware attacks.
According to GReAT, Fog Ransomware is a Ransomware-as-a-Service (RaaS) business that emerged in 2024 and provides ransomware and its infrastructure to other cybercriminals. It has targeted sectors including education, recreation, and finance, using compromised VPN credentials to get in and then encrypting data on both Windows and Linux systems, often within two hours.
The new tactic not only puts additional psychological pressure on victims but also heightens the risk of further attacks and regulatory penalties for the affected organisations, GReAT says. By publicising IP addresses, Fog provides an avenue for additional criminal activity, as external threat actors may target the compromised networks with attacks such as credential stuffing or botnet activity.
"As ransomware operators face declining payments due to improved cybersecurity defences and regulatory pressures, they seek to refine their ransom extortion methods to maintain leverage over victims," comments Marc Rivero, Lead Security Researcher with Kaspersky GReAT.
"The public exposure of IP addresses in conjunction with data leaks may increase the likelihood of organisations complying with ransom demands in future incidents. This tactic could be a fear-driven marketing strategy, where the attackers showcase their ruthlessness in an effort to intimidate future victims into paying quickly," he says.
To safeguard against such threats, Kaspersky recommends several protective measures: providing cybersecurity training courses for employees, regularly backing up data and storing it in a network-isolated location, installing reliable protection on all corporate devices, using an Extended Detection and Response (XDR) solution to monitor for suspicious activity, and outsourcing threat detection and response to specialists.