Emergent ransomware gang FIN12 strikes hospitals, moves quickly against big targets

Written by
Oct 7, 2021 | CYBERSCOOP

A Russian-speaking ransomware gang in recent months has aggressively targeted North American organizations with more than $300 million in revenue, with a ruthless focus on the health care sector amid the COVID-19 pandemic, according to new findings.

The threat intelligence firm Mandiant published details Thursday about a group it calls FIN12, a gang that moves quickly and uses an array of established hacking tools to infiltrate its targets. Over the past year, hackers have kept investigators busy, accounting for 20% of the ransomware incidents that Mandiant has responded to, with the next highest attackers at 5%, according to Kimberly Goody, the company’s director of cyber crime analysis.

“They have a significantly higher cadence of attacks from our perspective,” she said. “We also see that, unlike other threat actors, this group has also aggressively pursued victims in critical sectors like health care, even during the pandemic, which had resulted in several actors saying that they wouldn’t target those organizations. So FIN12 has shown that they are very aggressive and brazen in who they target.”

The designation comes during a big year for ransomware, with attacks on Colonial Pipeline, JBS and Kaseya elevating the topic

Read More: https://www.cyberscoop.com/fin12-mandiant-hospitals-300-million/