The FIN7 cybercrime group has added the Clop ransomware to its arsenal after a period of inactivity. They are known for previously using ransomware variants like REvil and Maze.


According to a series of tweets from the Microsoft Security Intelligence Twitter account FIN7, also known as Sangria Tempest, deploys various tools to gain access to victim systems before deploying Clop ransomware. They have targeted numerous U.S. companies, stealing customer payment card details.

The relationship between FIN7 and the Clop ransomware actors is a new development, possibly indicating a partnership.