Notorious Cyber Gang FIN7 Returns With Cl0p Ransomware in New Wave of Attacks
The notorious cybercrime group known as FIN7 has been observed deploying Cl0p ransomware, marking the threat actor's first ransomware campaign since late 2021.
"They then use OpenSSH and Impacket to move laterally and deploy Clop ransomware."
FIN7 has been linked to other ransomware families such as Black Basta, DarkSide, REvil, and LockBit, with the threat actor acting as a precursor for Maze and Ryuk ransomware attacks.
Another notable tactic in its playbook is its pattern of setting up fake security companies - Combi Security and Bastion Secure - to recruit employees for conducting ransomware attacks and other operations.
Last month, IBM Security X-Force revealed that members of the now-defunct Conti ransomware gang are using a new malware called Domino that's developed by the cybercrime cartel.
The latest development signifies FIN7's continued reliance on various ransomware families to target victims as part of a shift in its monetization strategy by pivoting away from payment card data theft to extortion.
News URL
https://thehackernews.com/2023/05/notorious-cyber-gang-fin7-returns-cl0p.html