Ransomware Attacks Linked to FIN7

The criminals behind ransomware known as Black Basta have been linked to hacking operations conducted by one of the most prolific cyber criminal gangs in the world.  

Now, Sentinel Labs has published a new report that links the Black Basta ransomware to hacking operations conducted by the FIN7 threat actors. FIN7 has been involved in numerous ransomware operations, such as those carried out by REvil, DarkSide, BlackMatter and BlackCat.

Analysis of tools that were used in the Black Basta ransomware attacks, which have claimed over 90 organisations as of September 2022, has found clear ties between the threat actor behind them and the FIN7 cyber crime gang, also known as Carbanak.

Researchers from Sentinel Labs began tracking Black Basta operations in early June after noticing overlaps with an apparently different case. They found that the Black Basta threat actors used a tool that has previously only been found in an incident perpetrated by FIN7. They also found several other instances of the Black Basta ransomware using the tool, establishing a link between the groups.

Sentinel Labs say that analysis of the tool led to additional samples containing a backdoor leveraged in multiple FIN7 operations.

The packer source code used in the FIN7 operations was also deployed in Black Basta operations. Other ties have also been established between the two groups, including the usage of point of sale (POS) malware to conduct financial fraud. Sentinel Labs stated that the threat actor or an affiliate group began to write tools from scratch, disassociating new operations from older ones.

“Black Basta ransomware emerged in April 2022 and went on a spree breaching over 90 organisations by Sept 2022. The rapidity and volume of attacks prove that the actors behind Black Basta are well-organised and well-resourced, and yet there have been no indications of Black Basta attempting to recruit affiliates or advertising as a RaaS on the usual darknet forums or crimeware marketplaces. This has led to much speculation about the origin, identity and operation of the Black Basta ransomware group,” says the Sentinel Labs report.

The Sentinel Labs advisory comes weeks after a report from Ivanti suggested that ransomware, including Black Basta, has increased by 466% since 2019 and is being used increasingly as a precursor to physical war.

Sources: Bleeping Computer, US Dept. of Justice, Oodaloop, Infosecurity Magazine, SentinelOne, TEISS, UnifiedGuru, SecurityIntelligence
