FIN7 threat actor updated its ransomware activity

2022-12-27 17:53

FIN7 is a threat actor that mostly focuses on stealing financial information, but it also sells sensitive information stolen from companies.

FIN7 started using ransomware in 2020, being affiliates of a few of the most active ransomware groups: Sodinokibi, REvil, LockBit and DarkSide.

To operate ransomware, FIN7 chooses its target according to public information about companies and their revenues.

Once the initial access is gained on the target's network, FIN7 spreads inside the network and steals files before encrypting them via the ransomware code.

Affiliates of FIN7 sometimes work for multiple ransomware threat actors.

FIN7 has hit 8,147 targets around the world, with 16,74% of it being in the U.S. Figure B. Russia is also highly targeted, though the country never appears in later stages of the attack cycle; therefore, this heat map should be considered as a good indicator of large campaigns hitting companies at the first stage, but a lot of those are then not considered worth the effort for the FIN7 threat actor for different reasons.

News URL

https://www.techrepublic.com/article/fin7-threat-actor-ransomware/

#fin7 #ransomware #threat

News URL

Related news