- A high-ranking member of the ‘FIN7’ hacking group has received a punishing sentence in the U.S.
- The Ukrainian national will serve seven years in prison and will also pay restitution of $2.5 million.
- FIN7 continues to be operational and quite active today, despite the multiple arrests they have suffered.
The District Court in the Western District of Washington has sentenced Andrii Kolpakov, 33, a Ukrainian national who was confirmed to be a prominent member of the ‘FIN7’ (aka ‘Carbanak’) hacking group, to seven years in prison. In addition to the prison term, Kolpakov was also ordered to pay restitution of $2,500,000, with the amount being indicative of the damage done by the group's activities.
According to the indictment, since 2015, ‘FIN7’ has launched multiple malware campaigns attacking hundreds of U.S. companies, mainly entities in the gambling, hospitality, and restaurant sectors. As a result of these attacks, FIN7 stole millions of customer credit and debit card details, which they then sold on the dark web for profit. The malware was sent to users in the form of email attachments and was activated upon opening.
In absolute numbers, the U.S. DoJ announcement says FIN7 has compromised systems in all 50 states of the country, stolen 20 million card records belonging to American citizens, infected 6,500 POS devices with malware, and breached 3,600 business locations. The total amount of losses for the victims is estimated to exceed $1 billion, and this is only for the United States. FIN7 has also attacked firms in Australia, France, and the United Kingdom.
Kolpakov joined the group in April 2016 and was arrested in June 2018. He held a managerial position in the group, assigning other hackers their individual roles and responsibilities. Notably, it was proven that Kolpakov was aware of reports of arrests of other FIN7 members but chose to continue his malicious contributions to the group due to the massive financial gains he was enjoying.
The same applies to the rest of the group, which remains operational despite the arrests that have taken place over the years. Obviously, the busted members are being replaced by new operatives who are willing to take the risk. In January this year, we reported on yet another sign of the group’s continual evolution with the discovery of a new JSSLoader being added to its arsenal.