Weekly Intelligence Summary 23 October 2020

October 23, 2020

A ruthless, ever-evolving cyber-threat group, “FIN11”, has been discovered deploying “Clop”: ransomware that encrypts and exfiltrates data. The newly identified, financially motivated group has been active since at least 2016, tirelessly upgrading its tactics, techniques, and procedures (TTPs) to achieve infection and evade detection. FIN11 shows technical sophistication and persistence, often re-infecting organizations after losing initial access. Analysis revealed many substantial similarities between FIN11 and “TA505”, another financially motivated group known to deploy Clop, although a connection between the two cannot be confirmed. FIN11 should be considered to pose a serious threat that will remain active and prevalent in 2020 and 2021.

Previous Report
Weekly Intelligence Summary 30 October 2020
Weekly Intelligence Summary 30 October 2020

After a short hiatus, the “Ryuk” ransomware variant is back with upgrades, including the ability to fully e...

Next Video
Webinar: Understanding the Risk of Exposed Access Keys
Webinar: Understanding the Risk of Exposed Access Keys

In this webinar, attendees will learn about Digital Shadows' most recent research into exposed access keys,...

Want To Try Our Digital Risk Protection Tool?

Get Started Free