Security News > 2020 > October > FIN11 hackers jump into the ransomware money-making scheme
FIN11, a financially motivated hacker group with a history dating back to at least 2016, has adapted its malicious email campaigns to transition to ransomware as its main monetization method.
Mandiant today published an overview of the FIN11 activity and its transition to the ransomware scene.
FIN11 also uses FlawedAmmyy, a malware downloader seen in attacks from TA505 and Silence, a group of hackers targeting banks across the world.
Responding to incidents where FIN11 dropped Clop ransomware, Mandiant found that the actor did not abandon the target after losing access.
The researchers do not specify the FIN11 ransom demands from the incidents they investigated, but note that ransomware remediation firm Coveware indicates amounts between a few hundred thousand and $10 million.