The FIN7 hacker group now also uses ransomware

The infamous FIN7 hacker group, known for its breaches of payment systems and corporate networks, is the subject of new research from security firm Mandiant. According to the researchers, the group has intensified its operations through ransomware attacks over the past few years. Mandiant also reports that the group has used malware such as Maze, Ryuk and ALPHV (also known as BlackCat) for extortion. The various techniques employed by FIN7 are said to have earned the criminals over US$1 billion through attacks against more than 100 international companies from 2014 to the present.

Mandiant researchers state that FIN7 has evolved considerably over the years, widening the scope of its attacks and probably expanding its network of relationships with other ransomware operators in the cybercriminal underground. There also appear to be connections with the DarkSide ransomware group: according to Mandiant, FIN7 is said to have created the software used to breach Colonial Pipeline, a major fuel supplier.



The evolution of FIN7 in recent years - Source: Mandiant