The “FIN12” threat group has been attracting attention for deploying ransomware in a quarter of the time typically needed, making it one of the fastest ransomware groups active today. Unlike other groups, FIN12 has not fully embraced the double-extortion technique, relying mainly on encryption. This approach enables the group to focus on improving attack efficiency, and to avoid problems with managing data-leak websites. FIN12 has primarily targeted the healthcare sector; the elevated risk posed by blocking access to healthcare systems likely explains the group’s success in receiving ransom payments. Such attacks have allegedly resulted in deaths. Regardless of the consequences, FIN12 is expected to wage more attacks, and probably become more efficient and destructive.

Threat Intel Fan?
Sign up below to get our TI updates delivered to your inbox!
Other content in this Stream

ShadowTalk host Chris alongside gives you the latest in threat intelligence.

ShadowTalk host Nicole alongside guests Rick, Ivan and Dean give you the latest in threat intelligence.

As the holiday season approaches, my family has a tradition of watching all of our favorite holiday movies—my favorite being ...

The tail end of the calendar year represents arguably the most important period for retailers and companies working in e-commerce, ...

In our first blog in this series, we covered how ransomware groups go about their recruitment, with their large teams ...

Sporting events, like the upcoming FIFA World Cup Qatar 2022 (Qatar 2022 World Cup), attract massive attention from every corner ...

As we move towards the end of 2022, now is the time to take a look back at the major ...