FIN6 Group Diversifies Activity, Uses LockerGoga and Ryuk Ransomware


The FIN6 cybercrime group has taken a step toward increased monetization of its intrusions and added ransomware to its portfolio, choosing the LockerGoga and Ryuk file-encrypting malware for its extortion jobs.

The gang is known for compromising point-of-sale (PoS) systems, but recent incident response investigations show that FIN6 has expanded its activity to other types of targets.

Threat investigators at FireEye analyzed an intrusion at a customer in the engineering industry, and while evidence pointed to a FIN6 attack, the nature of the target did not match historical information about the group’s victims.
