FIN12 hits healthcare with quick and focused ransomware attacks

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
While most ransomware actors spend time on the victim network looking for important data to steal, one group favors quick malware deployment against sensitive, high-value targets.
It can take less than two days for the FIN12 gang to execute on the target network a file-encrypting payload - most of the time Ryuk ransomware.

Fast-moving FIN12​


FIN12 is a prolific threat actor with a strong focus on making money that executes ransomware attacks since at least October 2018.
The group is a close partner of the TrickBot gang and targets high-revenue victims (above $300 million) from various activity sectors and regions on the globe.
 

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520

The group strikes big game targets with annual revenues of over $6 billion.
You'd hope that even though ransomware is a lucrative criminal enterprise, there might be some targets that are kept off the list for ethical reasons.
This is not so with FIN12, a big game hunting ransomware group of which one in five of the group's victims is within the healthcare sector.

Speaking to ZDNet, Joshua Shilko, Principal Analyst at Mandiant said the group has earned itself a place in the "top tier of big game hunters" -- the operations which focus on the targets most likely to offer the biggest financial rewards in ransom payments.

"By all measures, FIN12 has been the most prolific ransomware actor that we track who is focused on high-value targets," Shilko said. "The average annual revenue for FIN12 victims was in the multi-billions. FIN12 is also our most frequently observed ransomware deployment actor."
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top