The Royal Spanish Academy (RAE) recently confirmed that it suffered a ransomware attack carried out by the Fog group on March 17, 2024. The hackers claimed to have stolen 1 GB of data, including sensitive information such as employee and client contacts, internal financial documents, and HR records. Fog ransomware, which has been active since April 2024, typically targets industries like education, entertainment, and manufacturing, often using compromised accounts purchased on the dark web to infiltrate networks.
In response to the attack, the RAE quickly activated containment measures, ensuring that its core linguistic tools and external services remained operational. Despite this, some specialized resources were temporarily unavailable as the recovery efforts continued. The RAE’s transparency regarding the situation highlighted its commitment to ensuring that essential services were restored promptly. Law enforcement was notified immediately, and an official report was filed with Spain’s security forces.
Fog ransomware’s modus operandi involves gaining access through compromised accounts and then utilizing lateral movement techniques to expand its reach within a network. Its attacks have affected various countries, with the group’s focus primarily on sectors that handle sensitive data. This incident underscores the growing threat faced by cultural and educational institutions, particularly those managing large amounts of private and valuable data.
Fortunately, the RAE’s quick response and cybersecurity measures limited the damage caused by the ransomware attack. The institution has ensured that its main systems remain intact, and it continues to provide services to the public. As investigations proceed, the RAE’s collaboration with authorities demonstrates its proactive stance in managing and mitigating cyber threats in the future.
Reference:
