HC3 Analyst Note TIP White - FIN11 Cybercrime Group Moves into Ransomware and Extortion

October 30, 2020

Mandiant recently elevated a tracked threat cluster to the named threat group FIN11. Beginning in 2016 with phishing campaigns, this group has moved into double extortion ransomware operations utilizing CLOP ransomware. They indiscriminately attack organizations in every sector, including the pharmaceutical industry, via large phishing campaigns. Mitigations for the Healthcare and Public Health (HPH) sector can be found at the end of the report.

Key Resources

Related Resources

Advisory
Hospitals That Are Oracle Customers Urged to Take Immediate Action to Address Security Vulnerability
Public
Issue Landing Page
Cybersecurity and Risk Advisory Service
Issue Landing Page
Support for Your Cybersecurity Program
Guides/Reports
Cybersecurity and Risk Advisory Services
Standards/Guidelines
Become an AHA Preferred Cybersecurity and Risk Provider
Public
Issue Landing Page
AHA Preferred Cybersecurity & Risk Provider Program