Extorting money from companies and other organizations using sophisticated ransomware has become a highly profitable business model for cybercriminals. This has also led to a shift in focus for some groups that were traditionally involved in financial crime and payment card theft.
According to a new report by Mandiant, one such group is FIN11, which throughout 2017 and 2018 targeted primarily organizations from the financial, retail and restaurant sectors. Starting in 2019, however, the group diversified its targeting and arsenal and transitioned to ransomware distribution. In more recent months it doubled down on extortion by also stealing business data from victims and threatening to release it publicly if they don’t pay the ransoms.