Officials at the University of Oklahoma disclosed isolating certain systems impacted by suspicious IT network activity after the Fog ransomware gang took responsibility for the intrusion, which it claims resulted in the exfiltration of 91 MB of data, including employee and financial details, according to The Record, a news site by cybersecurity firm Recorded Future.
Investigation into the incident is still underway, said a University of Oklahoma spokesperson, who also noted the implementation of additional network security measures. Such a development comes amid Fog ransomware's persistent targeting of U.S. education institutions, which Arctic Wolf researchers previously reported to account for 80% of the ransomware group's victims since its emergence in May. "In each of the cases investigated, forensic evidence indicated that threat actors were able to access victim environments by leveraging compromised VPN credentials. Notably, the remote access occurred through two separate VPN gateway vendors," said Arctic Wolf.