FIN7 repositioning focus into ransomware.
Guest Ilya Volovik, Team Lead of Cyber Intelligence at Gemini Advisory, discusses his team's work on "FIN7 Recruits Talent For Push Into Ransomware." The cybercriminal group FIN7 gained notoriety in the mid-2010s for large-scale malware campaigns targeting the point-of-sale (POS) systems. In 2018, Gemini Advisory reported FIN7’s compromise of Saks Fifth Avenue and Lord & Taylor stores and the subsequent sale of over 5 million payment cards on the dark web. According to the US Department of Justice, the broader FIN7 carding campaigns have resulted in the theft of over 20 million payment card records and cost victims over $1 billion, making FIN7 one of the most infamous and prolific cybercriminal groups of the last decade. Now with ransomware proving to be cybercriminals’ preferred high-profit, jackpot venture, FIN7 has redeployed their expertise and capacity towards ransomware, with reports indicating that the group was involved in attempted ransomware attacks on US companies as early as 2020. Furthermore, despite focus from law enforcement and the arrest of four FIN7 members from 2018 to 2020, FIN7’s continued activity shows that the group remains a powerful, active threat.
The research can be found here: