Ransomware Attacks Linked to FIN7

The criminals behind the ransomware known as Black Basta have been linked to hacking operations conducted by one of the most prolific cyber criminal gangs in the world.

Now, Sentinel Labs has published a new report that links the Black Basta ransomware to hacking operations conducted by the FIN7 threat actors. FIN7 has been involved in numerous ransomware operations, including those carried out by REvil, DarkSide, BlackMatter and BlackCat.

Analysis of the tools used in the Black Basta ransomware attacks, which had claimed over 90 organisations as of September 2022, has found clear ties between the Black Basta threat actor and the FIN7 cyber crime gang, also known as Carbanak.

Researchers from Sentinel Labs began tracking Black Basta operations in early June after noticing overlaps with an apparently unrelated case. They found that the Black Basta threat actors used a tool that had previously been seen only in an incident attributed to FIN7. They also found several other instances of the Black Basta ransomware using the same tool, establishing a link between the two groups.

Sentinel Labs says that analysis of the tool led to additional samples containing a backdoor used in multiple FIN7 operations.

The packer source code used in the FIN7 operations was also deployed in Black Basta operations. Other ties have also been established between the two groups, including the use of point-of-sale (POS) malware to conduct financial fraud. Sentinel Labs stated that the threat actor, or an affiliate group, began to write tools from scratch, disassociating new operations from older ones.

“Black Basta ransomware emerged in April 2022 and went on a spree breaching over 90 organisations by Sept 2022. The rapidity and volume of attacks prove that the actors behind Black Basta are well-organised and well-resourced, and yet there have been no indications of Black Basta attempting to recruit affiliates or advertising as a RaaS on the usual darknet forums or crimeware marketplaces. This has led to much speculation about the origin, identity and operation of the Black Basta ransomware group,” says the Sentinel Labs report.

The Sentinel Labs advisory comes weeks after a report from Ivanti suggested that ransomware, including Black Basta, has increased by 466% since 2019 and is increasingly being used as a precursor to physical war.

Sources: Bleeping Computer, US Dept. of Justice, Oodaloop, Infosecurity Magazine, Sentinelone, TEISS, UnifiedGuru, SecurityIntelligence.
