"Researchers Tie FIN7 Cybercrime Family to Clop Ransomware"

The cybercrime group FIN7, which has previously used ransomware strains created by groups such as REvil and Maze, has added a new strain to its arsenal. Researchers from Microsoft's security team observed the group deploying the Clop ransomware in April. This was the group's first ransomware campaign since late 2021. Microsoft noted that FIN7, which it now refers to as Sangria Tempest, was observed deploying multiple tools to gain a foothold on victim systems before moving laterally within a network and launching the Clop ransomware. Prior to managing the now-retired DarkSide and BlackMatter ransomware operations, the group deployed REvil and Maze. In November, SentinelOne researchers linked the cybercrime group to the Black Basta ransomware operation, which was responsible for high-profile attacks against the American Dental Association and the German wind farm operator Deutsche Windtechnik. Since 2012, FIN7, formerly known as Carbanak, has conducted dozens of cybercriminal operations. Around 2020, the group went from using point-of-sale malware to ransomware. Between 2015 and 2018, FIN7 was accused of attacking over 100 US companies and orchestrating breaches of many US retailers. This article continues to discuss the FIN7 cybercrime family being tied to Clop ransomware. 

The Record reports "Researchers Tie FIN7 Cybercrime Family to Clop Ransomware"
