Ransomware Attacks Linked to FIN7

Uploaded on 2022-11-23 in TECHNOLOGY--Hackers, GOVERNMENT-Law Enforcement, FREE TO VIEW

The criminals behind ransomware known as Black Basta have been linked to hacking operations conducted by one of the most prolific cyber criminal gangs in the world.  

Now, Sentinel Labs has  published a new report that links the Black Basta ransomware to hacking operations conducted by the FIN7 threat actors. FIN7 have been involved in numerous ransomware operations such as those carried out by REvil, DarkSide, BlackMatter and BlackCat

Analysis of tools that were used in the Black Basta ransomware attacks, which have claimed over 90 organisations as of September 2022, has found clear ties between their threat actor and the FIN7 cyber crime gang known as Carbanak.

Researchers from Sentinel Labs began tracking Black Basta operations in early June after noticing overlaps with an apparently different case. They found that the Black Basta threat actors used a tool that has previously only been found in an incident perpetrated by FIN7. They also found several other instances of the Black Basta ransomware using the tool, establishing a link between the groups.

Sentinel Labs say that analysis of the tool led to additional samples containing a backdoor leveraged in multiple FIN7 operations.

The packer source code used in the FIN7 operations was also deployed in Black Basta operations. Other ties have also been established between the two groups, including the usage of point of sale (POS) malware to conduct financial fraud. Sentinel Labs stated that the threat actor or an affiliate group began to write tools from scratch, disassociating new operations from older ones. “Black Basta ransomware emerged in April 2022 and went on a spree breaching over 90 organisations by Sept 2022.

The rapidity and volume of attacks prove that the actors behind Black Basta are well-organised and well-resourced, and yet there has been no indications of Black Basta attempting to recruit affiliates or advertising as a RaaS on the usual darknet forums or crimeware marketplaces.  “This has led to much speculation about the origin, identity and operation of the Black Basta ransomware group,” says the Sentinel Labs report.

The Sentinel Labs advisory comes weeks after a report from Ivanti suggested that ransomware, including Black Basta, has increased by 466% since 2019 and is being used increasingly as a precursor to physical war.

Bleeping Computer:    US Dept. of Justice:     Oodaloop:    Infosecurity Magazine:    Sentinelone:   TEISS:   

UnifiedGuru:   SecurityIntelligence:       

You Might Also Read:

Russia's Criminal Hackers:

 

« Facial Recognition Technology Might Place Children At Risk
Phishing- As-A-Service »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CEPS

CEPS

CEPS is a leading think tank and forum for debate on EU affairs, ranking among the top think tanks in Europe. Topic areas include Innovation, Digital economy and Cyber-security.

DataCore Software

DataCore Software

DataCore Software is a leader in Software-Defined Storage. Solutions offered include back up and disaster recovery.

Centrify

Centrify

Centrify’s Next-Gen Access is an identity & access management solution that uniquely converges Identity-as-a-Service, enterprise mobility management and privileged access management.

Cyber Exec

Cyber Exec

Cyber Exec is an executive search firm dedicated to global talent acquisition in Cyber Security, Information Technology, Defense...

RiskCentric

RiskCentric

RiskCentric is a consultancy specializing in risk management and compliance.

GoCyber

GoCyber

GoCyber is a new, highly innovative cyber security training app that uses action based learning to significantly improve the online behaviour of all employees in less than a month.

Andreessen Horowitz (a16z)

Andreessen Horowitz (a16z)

Andreessen Horowitz (known as "a16z") is a venture capital firm in Silicon Valley, California that backs bold entrepreneurs building the future through technology.

ZEBOX

ZEBOX

ZEBOX is an international incubator & accelerator of innovative startups. Focus is on Transport/Logistics and Industry X.0 including technologies such as AI, Blockchain and Cybersecurity.

AngelList

AngelList

AngelList champion startups and the people who empower them. Search tech & startup jobs, find new tech products, and invest in startups.

Securd

Securd

Securd takes opportunities away from your cyber adversaries. Cloud-delivered zero-trust DNS firewall and web filtering protection keep your business network and remote employees safe.

MalwareFox

MalwareFox

MalwareFox is an advanced, yet simple-to-use anti-malware solution for Windows computers. We provide aggressive detection capabilities and an effective malware removal tool to keep your systems safe.

Fusion Risk Management

Fusion Risk Management

Fusion Risk Management focuses on operational resilience encompassing business continuity, risk management, IT risk, and crisis and incident management.

PKI Solutions

PKI Solutions

PKI Solutions offers Public Key Infrastructure (PKI) products, services, and training to help ensure the security of organizations now and in the future.

Myota

Myota

Myota intelligently equips each file to be resilient and achieve Zero Trust-grade protection. Withstand ransomware and data breach attacks. Reduce data restoration time and effort.

RAND Corporation

RAND Corporation

The RAND Corporation is a non-profit institution that helps improve policy and decision making through research and analysis.

Orchestrate Technologies

Orchestrate Technologies

Orchestrate Technologies provides computer network and IT managed services for small and mid-market clients as well as small enterprise businesses.