FIN6, one of the more sophisticated cybercriminal groups, has now moved to deploying ransomware in its attacks. Security firm FireEye uncovered this development while analyzing a cyber attack on a target in the engineering industry. It found that FIN6 had installed ransomware on systems that did not hold any payment data.
The big picture
FireEye suggested that the group’s shift to ransomware might be the next method in its extortion-related operations. “As the frequency of these intrusions deploying ransomware has increased, the cadence of activity traditionally attributed to FIN6—intrusions targeting point-of-sale (POS) environments, deploying TRINITY malware and sharing other key characteristics—has declined. Given that, FIN6 may have evolved as a whole to focus on these extortive intrusions,” the researchers stated in their blog.
As always, advanced cybercriminal groups like FIN6 are continuously evolving to evade security measures and subvert large-scale networks for monetary purposes.