Ransomware Attacks Linked to FIN7

The criminals behind ransomware known as Black Basta have been linked to hacking operations conducted by one of the most prolific cyber criminal gangs in the world.  

Now, Sentinel Labs has published a new report that links the Black Basta ransomware to hacking operations conducted by the FIN7 threat actors. FIN7 has been involved in numerous ransomware operations, such as those carried out by REvil, DarkSide, BlackMatter and BlackCat.

Analysis of tools that were used in the Black Basta ransomware attacks, which have claimed over 90 organisations as of September 2022, has found clear ties between the threat actor behind them and the FIN7 cyber crime gang known as Carbanak.

Researchers from Sentinel Labs began tracking Black Basta operations in early June after noticing overlaps with an apparently different case. They found that the Black Basta threat actors used a tool that has previously only been found in an incident perpetrated by FIN7. They also found several other instances of the Black Basta ransomware using the tool, establishing a link between the groups.

Sentinel Labs say that analysis of the tool led to additional samples containing a backdoor leveraged in multiple FIN7 operations.

The packer source code used in the FIN7 operations was also deployed in Black Basta operations. Other ties have also been established between the two groups, including the usage of point of sale (POS) malware to conduct financial fraud. Sentinel Labs stated that the threat actor or an affiliate group began to write tools from scratch, disassociating new operations from older ones.

“Black Basta ransomware emerged in April 2022 and went on a spree breaching over 90 organisations by Sept 2022. The rapidity and volume of attacks prove that the actors behind Black Basta are well-organised and well-resourced, and yet there has been no indications of Black Basta attempting to recruit affiliates or advertising as a RaaS on the usual darknet forums or crimeware marketplaces. This has led to much speculation about the origin, identity and operation of the Black Basta ransomware group,” says the Sentinel Labs report.

The Sentinel Labs advisory comes weeks after a report from Ivanti suggested that ransomware, including Black Basta, has increased by 466% since 2019 and is being used increasingly as a precursor to physical war.
