"Ransomware Intrusion Group FIN12 Ramps-Up in Europe"

Researchers at Mandiant have found that a long-running threat group with a track record of rapid ransomware deployment and healthcare sector victims is ramping up its operations in Europe and APAC.  The researchers claimed that the prolific threat group FIN12 had focused mainly on North American targets since its activities were first recorded in 2018.  Around 85% were from this region, and 20% thus far have been healthcare sector organizations, which many ransomware groups promised to steer clear of during the pandemic.  The bad news for organizations elsewhere in the world is that FIN12 appears to be changing its geographical focus.  The researchers stated that they observed twice as many victim organizations based outside of North America in the first half of 2021 than they observed in 2019 and 2020 combined. These organizations were based in Australia, Colombia, France, Indonesia, Ireland, the Philippines, South Korea, Spain, the United Arab Emirates, and the UK.  The researchers noted that this shift could be due to various factors such as FIN12 working with more diverse partners to obtain initial access and increasingly elevated and unwanted attention from the US government.

Infosecurity reports: "Ransomware Intrusion Group FIN12 Ramps-Up in Europe"