A Russian crime group that was mostly involved in finance-related crimes seems to have taken an alternative route to making money. Dubbed FIN11, the group has been seen distributing CLOP ransomware and making money through data extortion.
Security researchers from Mandiant discovered this activity in 2019 but have made it public now to alert private and public entities about the attack.
“All these days FIN11 was involved in financial crime and payment card thefts. And now they are into file-encrypting malware distribution as the earning stream assures something for sure on a monetary note,” said Katie Holmes, a researcher at Mandiant.
FIN11 has currently been seen targeting corporations holding sensitive data, such as law firms and those involved in R&D of technology products, medical products, and vaccines meant to stop the spread of COVID-19.
First, they steal data and lock down the victim's database by encrypting it until a ransom is paid. If the victim rejects their ransom demands, they sell the stolen data on the dark web to make money, added Ms. Holmes.
As most of the attacks are launched via email, threat research firm Mandiant is urging online users to play it safe while accessing online services. The Virginia cybersecurity firm is also encouraging the public to use anti-malware and threat detection solutions to protect themselves from ransomware attacks.
Mandiant recommends that users have automated backups in place so they can recover data after disasters such as malware attacks.