A New Ransomware Was Linked to FIN8 Hacking Group

FIN8 is a financially motivated threat actor that has been observed attacking financial institutions for many years, notably by deploying POS malware capable of stealing credit card information.

As Antonia reports in her article, the financially motivated group FIN8 is notorious for organizing multiple customized phishing operations that mostly target industries such as healthcare, entertainment, retail, and hospitality.

During the attacks, the threat actor used the downloader PunchBuggy and POS malware PunchTrack in an attempt to steal payment card data from Point-of-Sale (POS) systems.

What Is White Rabbit?

A new ransomware family dubbed ‘White Rabbit’ has just appeared in the wild, and according to recent research results, it might be a side-project of the FIN8 hacker gang.

We spotted the new ransomware family White Rabbit discreetly making a name for itself by executing an attack on a local US bank in December 2021. This newcomer takes a page from Egregor, a more established ransomware family, in hiding its malicious activity and carries a potential connection to the advanced persistent threat (APT) group FIN8.


The White Rabbit ransomware was first mentioned publicly in a tweet by ransomware researcher Michael Gillespie, who was looking for a sample of the malware.

🔒 #Ransomware Hunt: “White Rabbit” with extension “.scrypt”, drops note for each encrypted file with “<filename>.scrypt.txt” with victim-specific information: https://t.co/ZjVay8A3Ch
“Follow the White Rabbit…” 🐰🤔
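
The naming pattern in the tweet can be turned into a triage check over a file listing or file-creation telemetry. The following is an added example, not code from the article or the researchers it cites. It assumes the encrypted file is named `<filename>.scrypt` and sits beside its `<filename>.scrypt.txt` note; the function names and sample paths are constructed for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

ENC_EXT = ".scrypt"          # encrypted-file extension named in the tweet
NOTE_SUFFIX = ".scrypt.txt"  # per-file ransom note: <filename>.scrypt.txt


def paired_artifacts(paths):
    """Return {directory: [encrypted file names]} for every *.scrypt file
    that has its matching <filename>.scrypt.txt note in the same directory.

    Requiring the pair cuts false positives from unrelated software that
    happens to use a .scrypt extension. Matching is case-insensitive.
    """
    seen = defaultdict(set)  # lower-cased directory -> lower-cased file names
    for raw in paths:
        p = PureWindowsPath(raw)  # accepts both \ and / separators
        seen[str(p.parent).lower()].add(p.name.lower())

    hits = {}
    for directory, names in seen.items():
        matched = sorted(
            n for n in names if n.endswith(ENC_EXT) and n + ".txt" in names
        )
        if matched:
            hits[directory] = matched
    return hits


def lone_notes(paths):
    """Notes whose encrypted counterpart is absent from the listing
    (for example, the file was restored or removed after the event)."""
    names = {str(PureWindowsPath(p)).lower() for p in paths}
    return sorted(
        n for n in names
        if n.endswith(NOTE_SUFFIX) and n[: -len(".txt")] not in names
    )


# Constructed sample listing (assumption, not from a real incident).
SAMPLE = [
    r"C:\Shares\Finance\q4.xlsx.scrypt",
    r"C:\Shares\Finance\q4.xlsx.scrypt.txt",
    r"C:\Shares\Finance\budget.docx",
    r"C:\Shares\HR\roster.csv.scrypt.txt",
    r"C:\Tools\backup.scrypt",  # .scrypt without a note: not flagged
]

if __name__ == "__main__":
    for directory, files in paired_artifacts(SAMPLE).items():
        print(directory, files)
    print("notes without encrypted file:", lone_notes(SAMPLE))
```
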

Read More: https://heimdalsecurity.com/blog/a-new-ransomware-was-linked-to-fin8-hacking-group/