Fog Ransomware Targets University of Notre Dame Australia

The University of Notre Dame Australia has become the latest victim of the Fog ransomware group, which claims to have stolen 62.2GB of sensitive data in a January cyberattack.

The breach has raised significant concerns about data security and privacy, as it involves highly confidential information.

Details of the Cyberattack

According to a post from DarkWebInformer, the Fog ransomware group, active since May 2024, announced on its darknet leak site that it had successfully infiltrated the university’s systems and exfiltrated a trove of sensitive data.

The stolen files reportedly include employee and student contact details, medical records, and confidential documents such as non-disclosure agreements (NDAs) and licenses.

The university confirmed the incident in late January and reported it to the Australian Cyber Security Centre (ACSC), which is assisting in the investigation.

In a statement, a university spokesperson assured stakeholders that their primary databases for human resources, financials, and student information remain secure.

The breach appears to have impacted data stored on a limited number of servers outside these core systems.

The hackers have not issued a ransom demand or set a deadline for payment, leaving the university in a precarious situation as it works to verify the extent of the breach.

Fog Ransomware: A Growing Threat

Fog ransomware has gained notoriety for its swift and sophisticated attack methods.

The group typically exploits compromised VPN credentials to gain initial access before rapidly escalating privileges and exfiltrating sensitive data.

In some cases, they can execute an entire attack—from infiltration to encryption—in as little as two hours.

Unlike many ransomware groups that focus on double or triple extortion tactics (such as threatening to leak data publicly), Fog often prioritizes quick payouts by encrypting files and demanding ransom for decryption keys.

However, in this case, the absence of an immediate ransom demand suggests a different strategy may be at play.

Fog’s previous targets include educational institutions like Waverley Christian College and businesses such as Ultra Tune.

The group has also recently expanded its focus to sectors like finance and supply chains, underscoring its versatility and growing threat profile.
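For defenders, the pattern described above (VPN access with valid credentials, rapid privilege escalation, and data exfiltration inside roughly two hours) can be expressed as a log correlation. The following is an added example, not code from the article or from any vendor. The event schema, the 5 GiB egress threshold, the per-user baseline of known source IPs, and all sample events are constructed assumptions.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=2)       # fastest intrusion-to-encryption time cited in the article
EGRESS_THRESHOLD = 5 * 1024**3    # assumption: 5 GiB outbound after one login is abnormal

# Constructed sample events, as if normalized from VPN, directory and flow logs.
EVENTS = [
    {"ts": "2025-01-20T09:00:00", "user": "alice", "type": "vpn_login", "src_ip": "198.51.100.7"},
    {"ts": "2025-01-20T09:30:00", "user": "alice", "type": "egress", "bytes": 200 * 1024**2},
    {"ts": "2025-01-21T02:10:00", "user": "bob", "type": "vpn_login", "src_ip": "203.0.113.50"},
    {"ts": "2025-01-21T02:25:00", "user": "bob", "type": "priv_change", "detail": "added to admin group"},
    {"ts": "2025-01-21T03:05:00", "user": "bob", "type": "egress", "bytes": 4 * 1024**3},
    {"ts": "2025-01-21T03:40:00", "user": "bob", "type": "egress", "bytes": 3 * 1024**3},
    {"ts": "2025-01-21T05:00:00", "user": "bob", "type": "egress", "bytes": 9 * 1024**3},
]
# Constructed baseline: source IPs each user has previously connected from.
KNOWN_IPS = {"alice": {"198.51.100.7"}, "bob": {"192.0.2.10"}}


def detect(events, known_ips, window=WINDOW, threshold=EGRESS_THRESHOLD):
    """Flag VPN logins from an unseen source IP that are followed, inside
    `window`, by a privilege change and cumulative egress >= `threshold`."""
    events = sorted(events, key=lambda e: e["ts"])  # ISO timestamps sort as strings
    alerts = []
    for login in (e for e in events if e["type"] == "vpn_login"):
        if login["src_ip"] in known_ips.get(login["user"], set()):
            continue  # familiar source address: outside this pattern
        start = datetime.fromisoformat(login["ts"])
        in_window = [e for e in events
                     if e["user"] == login["user"]
                     and start < datetime.fromisoformat(e["ts"]) <= start + window]
        escalated = any(e["type"] == "priv_change" for e in in_window)
        egress = sum(e.get("bytes", 0) for e in in_window if e["type"] == "egress")
        if escalated and egress >= threshold:
            alerts.append({"user": login["user"], "src_ip": login["src_ip"],
                           "login_ts": login["ts"], "egress_bytes": egress})
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS, KNOWN_IPS):
        print(alert)
```

Because the window is short, a rule like this is only useful if it runs continuously and pages someone; a daily report would arrive after encryption.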

University Response and Next Steps

The University of Notre Dame Australia has taken several measures to address the breach.

External cybersecurity experts have been engaged to assist with forensic investigations.

Additionally, the university is working closely with government agencies to mitigate potential risks and ensure compliance with data protection regulations.

In its public statement, the university emphasized its commitment to transparency and pledged to notify affected individuals if personal information is confirmed to be compromised.

“We take the protection of our data seriously,” said a spokesperson.

“We thank our community for their ongoing support as we work to resolve this as swiftly as possible.”

This incident highlights the pressing need for robust cybersecurity measures in educational institutions, which are increasingly becoming prime targets for ransomware attacks.

Experts recommend implementing proactive defenses such as multi-factor authentication, regular system updates, and offline backups to mitigate risks associated with ransomware like Fog.

As investigations continue, this breach serves as a stark reminder of the evolving nature of cyber threats and the importance of vigilance in safeguarding critical data.
