Devin Partida writes about cyber security and technology. She is also the Editor-in-Chief of 

Subscribe to our cybersecurity newsletter for the latest information.A new report has identified an aggressive and fast-acting ransomware group dubbed FIN12. The group has been active since at least October 2018 and seems to prefer health care organizations, which make up 20% of its targets.

FIN12’s attacks are fast, costly, and frequent, raising the alarm for potentially vulnerable health care companies. While these organizations may be the group’s favorite target, these attacks have implications for any industry. Here’s what businesses in any sector should take away from FIN12’s trends.

No industry is safe

One of the most troubling takeaways from the FIN12 attacks is that no organization is safe from ransomware. Many ransomware groups claim to operate according to a code, and some pledged not to target hospitals amid COVID-19. However, as FIN12’s target preferences indicate, these groups will attack anything if it’s profitable.

As more health care organizations collect more data through virtual care and smartphone surveys, they become more lucrative targets. The promise of such a large payout seems to be enough to sway cyber criminals’ supposed moral code. Despite the massive impact on health and safety these attacks can have, groups like FIN12 keep targeting them.

While health care may be FIN12’s favorite industry, it’s not their only one. The group has also attacked education, finance, government, and manufacturing organizations. Regardless of what some ransomware groups may say, any company in any sector is a potential target.

Ransomware Is growing in both scope and severity

Another thing that any industry can learn from FIN12 is how quickly ransomware is advancing. Almost 85% of FIN12’s attacks have targeted organizations in North America, but their scope is rapidly expanding. In the first half of 2021, FIN12 attacked twice as many non-North American targets as in 2020 and 2019 combined.

These ransomware attacks have also grown in their severity. Within a year, FIN12 managed to cut its time-to-ransomware in half from five to two and a half days. Its specialization, experience, and network of support from other cyber crime groups have helped it become increasingly dangerous.

As ransomware continues to grow, cyber criminals will have more resources and techniques at their disposal. Consequently, industries, companies, and defenses that were once safe likely won’t remain that way forever. Cyber security must evolve to meet rapidly advancing cyber crime threats.

Companies must do more to prevent ransomware attacks

The FIN12 attacks also highlight the importance of protecting against ransomware attacks. Many of the organizations that become targets find themselves in those situations because they’re ill-prepared. Victims are usually deficient in at least two cyber security fundamentals in a successful ransomware attack.

Since 54% of ransomware infections come from phishing emails, anti-phishing methods are crucial. Organizations should implement advanced email filtering solutions and train all employees on how to spot phishing attempts.

Making accounts harder to breach is another critical step. Multi-factor authentication (MFA) should be standard across the company and all users should use strong, unique passwords. Organizations should also segment their networks and restrict access privileges as much as possible to mitigate successful breaches.

Finally, businesses must patch their software often to stay safe from these quickly advancing threats. Considering how fast FIN12’s attacks have grown, staying on top of developing cyber crime trends is essential.

Ransomware is a growing threat for any industry

The FIN12 ransomware attacks are a troubling sign, and not just for the health care sector. The group’s growth and behavior show how ransomware gangs are developing. They’re becoming faster, more sophisticated, aggressive, and targeting a wider variety of organizations.

Companies in any industry should take note of these trends and review their cyber security strategies accordingly. What was once safe may no longer be, and it certainly won’t be in the future. However, if businesses can react to developing trends and be proactive in protecting against ransomware, they can stay safe.

Discover more insights, analysis and robust resources when you sign up for the newsletter.

Disclaimer: The views and information expressed in this article belong to the author and are not necessarily held by or Check Point Software.