Notorious hacking group FIN7 adds ransomware to its repertoire

Apr 4, 2022 | CYBERSCOOP

The long-running cybercrime group FIN7, known for breaking into payment systems and corporate networks, has been moving into ransomware operations, according to researchers at security firm Mandiant.

The company said it has identified increased data-theft extortion or ransomware deployment associated with FIN7 attacks in recent years. Ransomware strains used in connection with the group’s operators include Maze, Ryuk and ALPHV — also known as BlackCat — the researchers said Monday.

“Throughout their evolution, FIN7 has increased the speed of their operational tempo, the scope of their targeting, and even possibly their relationships with other ransomware operations in the cybercriminal underground,” researchers note.

Experts noted a major indicator that the group was transitioning into ransomware in the fall, when researchers at Recorded Future unmasked a company called Bastion Secure as a front for the group’s efforts to hire hacking talent. Researchers believe that FIN7 was responsible for the software behind the hack of major East Coast fuel provider Colonial Pipeline by ransomware group DarkSide. Mandiant’s research also connects FIN7 to DarkSide.

FIN7 gained notoriety for a spree of campaigns starting in 2014 that helped the group rack up more
