FIN7, a noted group of cyber criminals, has gradually taken up ransomware-as-a-service because it is proving profitable for most. The organization, which has the reputation of making around $1.3 billion by attacking over 100 companies across the world, has also emerged as a threat group in recent times.
Cybersecurity researchers from Mandiant revealed that FIN7 has until now funded operations related to REvil, Darkside, BlackMatter and BlackCat. Now it intends to take the lead with a new ransomware variant of its own and will enter the data extortion field.
According to details available to Cybersecurity Insiders, FIN7 is the same hacking group that was behind the spread of ransomware to Colonial Pipeline last year, leading to a fuel supply shortage of sorts in the east of the United States.
The threat actors were also involved in infiltrating a power plant in the north of the United States through a backdoor and were often implicated in spreading malware through phishing attacks.
Interestingly, just after the announcement of the first lockdown because of the spread of COVID-19, the hacking group created a fake security firm dubbed ‘Bastion Secure’ to hire hackers and tricked them into running a campaign distributing file-encrypting malware.
The FBI later discovered in its research that FIN7 is very professional and takes its cyber-attack business seriously. Its members appear to speak Russian, and the group is apparently being funded by the Kremlin.
Concerningly, it runs its operation on a corporate scale. It has a dedicated group of C-level employees, sales and marketing teams, a human resources team, a team of accountants, money laundering executives whose main job is to source digital money laundering mules and pay their commission, dedicated customer support for victims to contact, and a team of engineering experts whose aim is to conceal FIN7 activities from the eyes of law enforcement.