BACKGROUND:
Mandiant has announced it upgraded a financially motivated threat actor to “FIN12.” FIN12 has deliberately and aggressively targeted healthcare facilities with ransomware throughout the pandemic, and has accounted for nearly 20% of all ransomware intrusions Mandiant has responded to in the last year. Unlike other ransomware operations seen today, FIN12 does not focus on stealing data to use for extortion and instead prioritizes speed in its operations. As a result, its average time-to-ransom is around 2.5 days, which is roughly twice as fast as other ransomware gangs. This highlights a growing concern that threat actors are improving not just in volume due to larger teams, but also in the efficiency of their operations.