A recent study conducted by cyber intelligence firm FireEye has discovered that popular cybercrime group FIN6 has shifted its base from circulating POS Malware to ransomware spread by using malicious encryption programs such as RYUK and LockerGoga.
According to sources, FIN6 hackers group used to make its living by spreading malware which steals card details from retail and healthcare-related firms. And then sells that info in the dark market.
But as the profit scale in the intrusions made to deploy ransomware has increased, FIN6 started to focus on the spread of ransomware, rather than just targeting Point of Sale systems with data-stealing malware.
Researchers of FireEye who made the study in association with Mandiant discovered that the tools, procedures, and invasion tactics used in the attack were similar to those leveraged in separate attacks that deployed RYUK and LockerGoga ransomware. Hence, the researchers came to the conclusion that hackers belonging to FIN6 cybercrime community might have started an initiative to spread ransomware.
FIN6 cyber crooks are now found infecting corporate servers and are now found configuring them with malware propagation ability.
Fortunately, FireEye offers advanced detection and prevention supported by actionable threat intelligence against most advanced ransomware threats. So, the solution provides real-time, in-line protection for multiple attack vectors to prevent and interfere with the activation of ransomware; preventing financial loss and business downtime.
NOTE- Ransomware is a kind of malware which encrypts data on a database and blocks it from access until a ransom is paid in exchange to a decryption key.
