Fog ransomware operators have expanded their arsenal to include legitimate and open source tools. This is, most likely, to avoid being detected before deploying the encryptor.
Security researchers from Symantec were recently brought in to investigate a Fog ransomware infection, and determined the hackers used Syteca, a legitimate employee monitoring tool, during the attack.
This program, previously known as Ekran, records screen activity and keystrokes, and hasn’t been seen abused in attacks before now.
Please select this link to read the complete article from TechRadar.