Security News > 2020 > October > FIN11 Cybercrime Gang Shifts Tactics to Double-Extortion Ransomware

The FIN11 financial crime gang is shifting its tactics from phishing and credential-theft to ransomware, researchers said.

According to FireEye Mandiant researchers, FIN11 is notable for its "Sheer volume of activity," known to run up to five disparate wide-scale email phishing campaigns per week.

Researchers have recently observed attacks in which FIN11 threatened to publish exfiltrated data to pressure victims into paying ransom demands, in a tactic known as double extortion.

FIN11 is a subset of the larger TA505 group, which is a financially motivated cybercrime group that has been actively targeting various industries, including finance, retail and restaurants, since at least 2014.

"There is a whole marketplace of providers that cater to and operate in what some refer to as the dark web. These services are not limited to the ones described as in use by FIN11 but include code-writing services, monetary exchanges and more," he said.

News URL

https://threatpost.com/fin11-gang-double-extortion-ransomware/160089/