BleepingComputer cybersecurity experts: The malware group submitted a ZIP archive with the decryptors to VirusTotal and now it plans to switch to cryptojacking.
Truesec cybersecurity experts: The FIN7 and RYUK cybercrime groups are cooperating. The first may have sold its TTPs to the ransomware gang, but probably they are closely affiliated and may be part of the same network.
The FIN7 and RYUK (aka WIZARD SPIDER and FIN6) cybercrime groups are cooperating, Truesec cybersecurity experts have discovered. Last summer researchers observed an attacker who used the tools and techniques of FIN7, including the CARBANAK RAT, to take over the network of an enterprise. In a subsequent attack almost six weeks later, this foothold was used to deploy the RYUK ransomware on the victim's network. The attack marks the first instance of FIN7 tools being combined with the RYUK ransomware, indicating a change in pattern for FIN7 attacks: up until now the APT has not been associated with ransomware attacks. This also suggests a closer collaboration between the two gangs. It is possible that the first group simply sold the access to the second, but it is probable that the two are more closely affiliated and may be part of the same organized crime network.