Cybercrime group FIN6 has been stealing credit card data to sell on the darknet to other groups looking to commit fraud. FIN6 is now using LockerGoga or Ryuk, a strain of ransomware that was used against Chicago-based Tribune Publishing. The group is believed to have collected about 20 million payment cards worth $400 million, FireEye reports. The cybercrime group has been less frequently using its original attack method – targeting POS machines, installing malware dubbed Trinity (or FrameworkPOS), moving laterally through the network.”]
Source: https://www.cuinfosecurity.com/report-fin6-shifts-from-payment-card-theft-to-ransomware-a-12358