Cybercrime Group FIN7 Jumps Into Ransomware Operations, Mandiant Finds


FIN7, a notorious group of cybercriminals known for disrupting businesses by infiltrating their payment systems, could be conducting another operation.

Cybersecurity firm Mandiant recently found that members of the group have begun launching ransomware attacks against their victims.

FIN7 hackers switch to ransomware operations

(Photo: Philipp Katzenberger from Unsplash)
Mandiant revealed that a notorious group of cybercriminals called FIN7 has turned to ransomware operations.

In a report Mandiant published on Monday, April 4, the firm said the group's tactics have changed over the past few years, with an increase in ransomware attacks spearheaded by FIN7.

Of note, the researchers wrote that the group has deployed multiple ransomware families, including BlackCat, Ryuk, and Maze.

Mandiant added that the group's way of working has changed considerably, and that it may also have ties to earlier ransomware attacks in several parts of the world.

Researchers also found that Bastion Secure serves as a cover for FIN7's malicious operations. The experts rated this an "important indicator" of the group's transition to another company.

FIN7 was also allegedly linked to the controversial Colonial Pipeline attack: Mandiant said the group handled the software used by the DarkSide suspects.


How FIN7 started its operations

According to a separate report by Cyberscoop, FIN7 is widely known for targeting financial companies in recent years. The group began operations in 2014 and has since stolen over $1 billion from more than 100 firms worldwide.

At the time, the criminals tricked many victims by impersonating government officials; the malware was installed automatically as soon as a target clicked on the lure.

However, FIN7 executives have been prosecuted by US authorities over the past year. Denys Iarmak and Andrii Kolpakov were found guilty in connection with nationwide data breaches that affected many US companies and caused huge financial losses for the victims.

Mandiant also wrote that the group compromised a website popular for selling various products, injecting malware installers into specific download links on the site.

FIN7 connected to malware-spreading USB drives

Earlier this year, Tech Times reported that the FBI had warned the public about malware spread via USB flash drives. Authorities later determined that the hackers behind the campaign were members of the FIN7 gang.

The FBI also said the group posed as the US Department of Health and Human Services and, separately, as Amazon, tricking recipients into installing ransomware.

The federal agency said these operations have been under way since August 2021. For anyone unfamiliar with the scenario, the takeaway is sobering: a single careless click online could expose your financial or personal information.


This article is owned by Tech Times

Written by Joseph Heinrich

ⓒ 2021 All rights reserved. Do not reproduce without permission.