FIN11, a financially-motivated hacker group with a history starting since at least 2016, has adapted malicious email campaigns to transition to ransomware as the main monetization method. FIN11 targets companies primarily in North America and Europe from almost every industry sector to steal data and to deploy Clop ransomware. The researchers treat FIN11 as a separate threat actor, noting its significant overlap in tactics, techniques, and malware used by TA505. The group also uses FlawedAmmyy, a malware downloader seen in attacks from TA505 and Silence.
Source: https://www.bleepingcomputer.com/news/security/fin11-hackers-jump-into-the-ransomware-money-making-scheme/