Ransomware Attacks Linked to FIN7

Uploaded on 2022-11-23 in TECHNOLOGY--Hackers, GOVERNMENT-Law Enforcement, FREE TO VIEW

The criminals behind ransomware known as Black Basta have been linked to hacking operations conducted by one of the most prolific cyber criminal gangs in the world.  

Now, Sentinel Labs has  published a new report that links the Black Basta ransomware to hacking operations conducted by the FIN7 threat actors. FIN7 have been involved in numerous ransomware operations such as those carried out by REvil, DarkSide, BlackMatter and BlackCat

Analysis of tools that were used in the Black Basta ransomware attacks, which have claimed over 90 organisations as of September 2022, has found clear ties between their threat actor and the FIN7 cyber crime gang known as Carbanak.

Researchers from Sentinel Labs began tracking Black Basta operations in early June after noticing overlaps with an apparently different case. They found that the Black Basta threat actors used a tool that has previously only been found in an incident perpetrated by FIN7. They also found several other instances of the Black Basta ransomware using the tool, establishing a link between the groups.

Sentinel Labs say that analysis of the tool led to additional samples containing a backdoor leveraged in multiple FIN7 operations.

The packer source code used in the FIN7 operations was also deployed in Black Basta operations. Other ties have also been established between the two groups, including the usage of point of sale (POS) malware to conduct financial fraud. Sentinel Labs stated that the threat actor or an affiliate group began to write tools from scratch, disassociating new operations from older ones. “Black Basta ransomware emerged in April 2022 and went on a spree breaching over 90 organisations by Sept 2022.

The rapidity and volume of attacks prove that the actors behind Black Basta are well-organised and well-resourced, and yet there has been no indications of Black Basta attempting to recruit affiliates or advertising as a RaaS on the usual darknet forums or crimeware marketplaces.  “This has led to much speculation about the origin, identity and operation of the Black Basta ransomware group,” says the Sentinel Labs report.

The Sentinel Labs advisory comes weeks after a report from Ivanti suggested that ransomware, including Black Basta, has increased by 466% since 2019 and is being used increasingly as a precursor to physical war.

Bleeping Computer:    US Dept. of Justice:     Oodaloop:    Infosecurity Magazine:    Sentinelone:   TEISS:   

UnifiedGuru:   SecurityIntelligence:       

You Might Also Read:

Russia's Criminal Hackers:

 

« Facial Recognition Technology Might Place Children At Risk
Phishing- As-A-Service »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

E-Tech

E-Tech

E-Tech has been providing system support and information technology consulting services including Internet and Network Security assessments.

LogmeOnce

LogmeOnce

LogmeOnce provides users with solution to multiple Password problems, Single Sign-On (SSO), and Identity Management.

First National Technology Solutions (FNTS)

First National Technology Solutions (FNTS)

First National Technology Solutions is a leading provider of flexible, customized hosted and remote managed services including IT security and compliance.

Codified Security

Codified Security

Codified is a testing platform for mobile application software. We make it easier than ever for companies to detect and fix security vulnerabilities and ensure their applications are compliant.

NSHC

NSHC

NSHC is a provider of mobile security solutions, cyber security consulting and training, and offensive research.

Incognito Forensic Foundation Lab (IFF Lab)

Incognito Forensic Foundation Lab (IFF Lab)

IFF Lab is a premier cyber and digital forensics lab in India that offers forensic services and solutions, cyber security analysis and assessment, IT support, training and consultation.

SafeCipher

SafeCipher

SafeCypher are crypto specialists with a very specialized knowledge of Public Key Infrastructure (PKI), Hardware Security Modules (HSM), Quantum Resistant Cryptography and Crypto-Agility.

Brookcourt Solutions

Brookcourt Solutions

Brookcourt Solutions delivers cyber security, network monitoring technologies and managed security services to help secure and protect your organisation’s critical infrastructure.

Valence Security

Valence Security

Valence manages and secures your Business Application Mesh by delivering visibility, reducing unauthorized access and preventing data loss.

RankedRight

RankedRight

RankedRight empowers security teams to take immediate action on their most critical risks.

Cloud4C

Cloud4C

Cloud4C is a leading automation-driven, application focused cloud Managed Services Provider.

Board of Cyber

Board of Cyber

Board of Cyber offers Security Rating: a fast, non-intrusive, continuous, 100% automated solution to evaluate the cyber performance of an organization.

aFFirmFirst

aFFirmFirst

aFFirmFirst is a unique software solution offering a simple yet effective way for businesses to protect and control their online images and logo, as well as allowing one-click website verification.

Hack-X Security

Hack-X Security

Hack-X Security provide IT risk assessment and Digital Security Services. We are a trusted standard for businesses that must protect their data from cyber-attacks.

TeKnowledge

TeKnowledge

TeKnowledge enables governments and enterprises around the world to navigate the challenges with digital transformation today and tomorrow with elite cybersecurity protection and managed services.

Velaspan

Velaspan

Velaspan design, deploy, and manage enterprise wireless networks and cybersecurity solutions for leading businesses and brands.