HC3 Analyst Note TIP White - FIN11 Cybercrime Group Moves into Ransomware and Extortion

October 30, 2020

Mandiant recently elevated a tracked threat cluster to the named threat group FIN11. Beginning in 2016 with phishing campaigns, this group has moved into double extortion ransomware operations utilizing CLOP ransomware. They indiscriminately attack organizations in every sector, including the pharmaceutical industry, via large phishing campaigns. Mitigations for the Healthcare and Public Health (HPH) sector can be found at the end of the report.

Key Resources

Related Resources

Special Bulletin
Senate Deal Reached to End Government Shutdown
Member
Guides and Reports
Strategies for Cyber Preparedness in Health Care
Advisory
Hospitals That Are Oracle Customers Urged to Take Immediate Action to Address Security Vulnerability
Public
Issue Landing Page
Cybersecurity and Risk Advisory Service
Issue Landing Page
Support for Your Cybersecurity Program
Guides and Reports
Cybersecurity and Risk Advisory Services