"FIN12 Hits Healthcare With Quick and Focused Ransomware Attacks"

The FIN12 group has been executing ransomware attacks since October 2018 and is said to be the TrickBot gang's close partner. FIN12 targets high-revenue victims in various sectors and regions globally. It is characterized by its skipping of the data exfiltration step, which most ransomware gangs have adopted to increase their chances of financial gain. By doing away with this attribute, the group can carry out attacks significantly faster than other ransomware operations. For example, it takes the group less than two days from the initial compromise to the file encryption stage. Data collected from investigations reveal that most ransomware gangs that steal data have a median dwell time of five days, with the average value being 12.4 days. FIN12's average time spent on a victim network decreased each year, reaching less than three days in the first half of this year. The cybersecurity company Mandiant published a profile of the FIN12 group, revealing that many of its victims are in the healthcare sector. In 2019 and 2020, 71 percent of the group's victims were in the U.S., while 12 percent were located in Canada. In 2021, the group appears to have shifted its focus to organizations in Australia, Colombia, France, Indonesia, Ireland, the Philippines, South Korea, Spain, the United Arab Emirates, and the U.K. Nearly 20 percent of the attacks launched by this group have been against organizations in the healthcare sector, even during the COVID-19 pandemic. This article continues to discuss key findings surrounding FIN12 regarding its targets, operations, and partners.

Bleeping Computer reports "FIN12 Hits Healthcare With Quick and Focused Ransomware Attacks"